
NEW: Sowbug APT

Symantec reports on Sowbug APT targeting South American and Southeast Asian institutions

  • The group appears to be carrying out espionage campaigns against foreign policy institutions and diplomatic targets. Symantec states that the discovery of the Felismus RAT in March 2017 was the first evidence of the group’s existence.
  • In early May, Sowbug reportedly exfiltrated data from one South American foreign ministry and deployed two unknown payloads to the infected server. Symantec reports that Sowbug impersonates commonly used software packages such as Windows or Adobe Reader in order to appear legitimate.
  • It is still unknown how Sowbug performs its initial infiltration of a target’s network. There was evidence that Felismus was installed using the Starloader trojan, but not of how the trojan itself was first placed on the machine.

As coverage continues, Silobreaker users can easily set up a dashboard to automatically collect, alert, analyse, monitor and visualise mentions of Sowbug from hundreds of thousands of open sources in real time.


Screenshot 1 – Silobreaker Network – Real-time link analysis leveraging unstructured open source data to detect relationships between various entities. This link analysis gives timely and intuitive insights into the associations surrounding Sowbug including related malware, IOCs, command & control infrastructure, affected countries and affected products.


Screenshot 2 – Silobreaker Dashboard automatically collecting and contextualising data in relation to Sowbug as and when it’s published. This is a great way to keep on top of developments whilst allowing Silobreaker’s analytical tools to make sense of the data via simple-to-disseminate visualisations, trends, link analyses and highlighting of specific entities such as IOCs.


To see further analysis of the Sowbug APT and other cyber threats to your organisation in Silobreaker, book an online demo today.



Disclaimer: Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
