
NEW: Sowbug APT

Symantec reports on Sowbug APT targeting South American and Southeast Asian institutions

  • The group appears to be carrying out espionage campaigns against foreign policy institutions and diplomatic targets. Symantec states that the discovery of the Felismus RAT in March 2017 was the first evidence of the group’s existence.
  • In early May, Sowbug reportedly exfiltrated data from one South American foreign ministry and deployed two unknown payloads to the infected server. Symantec reports that Sowbug’s tools impersonate commonly used software such as Windows or Adobe Reader in order to appear legitimate.
  • How Sowbug first infiltrates a target’s network is still unknown. There is evidence that Felismus was installed by the Starloader trojan, but not of how Starloader itself was first placed on the machine.

As coverage continues, Silobreaker users can easily set up a dashboard to automatically collect, alert, analyse, monitor and visualise mentions of Sowbug from hundreds of thousands of open sources in real time.


Screenshot 1 – Silobreaker Network – Real-time link analysis leveraging unstructured open source data to detect relationships between various entities. This link analysis gives timely and intuitive insights into the associations surrounding Sowbug including related malware, IOCs, command & control infrastructure, affected countries and affected products.


Screenshot 2 – Silobreaker Dashboard automatically collecting and contextualising data in relation to Sowbug as and when it’s published. This is a great way to keep on top of developments whilst allowing Silobreaker’s analytical tools to make sense of the data via simple-to-disseminate visualisations, trends, link analyses and highlighting of specific entities such as IOCs.


To see further analysis of the Sowbug APT and other cyber threats to your organisation in Silobreaker, book an online demo today.



Disclaimer: Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
