
NEW: Sowbug APT

Symantec reports on Sowbug APT targeting South American and Southeast Asian institutions

  • The group appears to be carrying out espionage campaigns against foreign policy institutions and diplomatic targets. Symantec alleges that the discovery of the Felismus RAT in March 2017 is the first evidence of the group’s existence.
  • In early May, Sowbug reportedly exfiltrated data from one South American foreign ministry and deployed two unknown payloads to the infected server. Symantec reports that Sowbug impersonates commonly used software packages such as Windows or Adobe Reader to appear legitimate.
  • It is still unknown how Sowbug performs its initial infiltration of a target’s network. There was evidence that Felismus was installed using the Starloader trojan, but no evidence of how the trojan itself was first installed on the machine.

As coverage continues, Silobreaker users can easily set up a dashboard to automatically collect, alert, analyse, monitor and visualise mentions of Sowbug from hundreds of thousands of open sources in real time.

Screenshot 1 – Silobreaker Network – Real-time link analysis leveraging unstructured open source data to detect relationships between various entities. This link analysis gives timely and intuitive insights into the associations surrounding Sowbug including related malware, IOCs, command & control infrastructure, affected countries and affected products.

Screenshot 2 – Silobreaker Dashboard automatically collecting and contextualising data in relation to Sowbug as and when it’s published. This is a great way to keep on top of developments whilst allowing Silobreaker’s analytical tools to make sense of the data via simple-to-disseminate visualisations, trends, link analyses and highlighting of specific entities such as IOCs.

To see further analysis of the Sowbug APT and other cyber threats to your organisation in Silobreaker, book an online demo today.

Disclaimer: Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
