Group of Suckfly Cyber-Espionage Targets Indian Private and Government Companies

Symantec, a tech firm of cybersecurity, in recent times published the report mentioning Suckfly's activities. Suckfly is advanced cyber espionage group, which conducted various long-term campaigns of espionage against prominent targets consisting commercial organisations and governments in India.

Symantec identified several attacks happened during last two years, starting from April 2014. These attacks happened in many countries, however Symantec's investigation discovered that the main targets were organisations and individuals mainly located in India.

Symantec identified many targets, which were very popular commercial organisations situated in India. The organizations include a big e-commerce company, one of the biggest financial organizations in India, two organizations of government and one of the top 5 IT firms in India. Suckfly devoted more time in attacking government networks as compared to all barring one commercial targets. Moreover, one of the 2 government organisations had the maximum infection rate among the Indian targets.

All these targets are big corporations, which play a key role in the development of Indian economy. It would be very damaging for the organization if it receives attack. Thetechportal.com posted on May 18th, 2016, stating that Suckfly could have had a much more effect on India and in its economy by targeting each and every of these organisations altogether.

The post also states that, an Indian organization (government) is connected with central government departments of India, and is also accountable for implementing software network in various departments and ministries. High infection rate of the target is expected due to the organisation's access, information and technology, which it has on other government organisations in India.

The attacks by Suckfly on the government organizations, which provide services regarding information technology to other branches of the government, are not only confined to India.

The attacks by Suckfly begin with phishing emails, which deliver the booby-trapped documents. These documents (files) exploit the CVE-2014-6332 to infect target with Nidiran backdoor that the attackers use for installing Hacktool, which is a password removal utility.

Crooks then are using these passwords to search and scout the local network, collect any possibly interesting data as well as use the backdoor another time to send it to the servers.

Symantec observed that these attacks happened on weekdays only because the group was definite to find various working people who will read spear-phishing emails.

» SPAMfighter News - 5/25/2016