Symantec reports on Sowbug APT targeting South American and Southeast Asian institutions
- The group appears to be carrying out espionage campaigns on foreign policy institutions and diplomatic targets. Symantec alleges that the discovery of Felismus RAT in March 2017 is the first evidence of the group’s existence.
- In early May, Sowbug reportedly exfiltrated data from one South American foreign ministry, and deployed two unknown payloads to the infected server. Symantec reports that Sowbug impersonates commonly used software packages such as Windows or Adobe Reader to appear legitimate.
- It is still unknown how Sowbug performs its initial infiltration of a target’s network. There was evidence that Felismus was installed using the Starloader trojan, but none of how the trojan itself was first placed on the machine.
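The masquerading behaviour described above (malware borrowing the name of a common package such as Adobe Reader) is something a defender can screen for in a host inventory. The check below is an added example, not code from the original post or from Symantec; the expected install roots and the sample paths are constructed assumptions, since the report does not say where the impostor files were dropped.

```python
"""Flag executables whose file name matches commonly installed software but
which run from a directory where that software is never installed.
Constructed example: EXPECTED_ROOTS and SAMPLE are assumptions, not data
from the Sowbug report."""
import ntpath

# Assumed legitimate install roots (lower-case) for a few frequently
# impersonated binaries. Extend this table from your own software inventory.
EXPECTED_ROOTS = {
    "acrord32.exe": [r"c:\program files (x86)\adobe", r"c:\program files\adobe"],
    "svchost.exe": [r"c:\windows\system32", r"c:\windows\syswow64"],
    "explorer.exe": [r"c:\windows"],
}


def is_masquerading(path: str) -> bool:
    """Return True when the file name is a known binary name but its
    directory is not under any of the expected install roots."""
    norm = path.lower().replace("/", "\\")
    directory, name = ntpath.split(norm)
    roots = EXPECTED_ROOTS.get(name)
    if roots is None:
        return False  # unknown name: nothing to compare against
    return not any(directory == r or directory.startswith(r + "\\") for r in roots)


def find_masquerades(paths):
    """Return the subset of paths that look like impostor binaries."""
    return [p for p in paths if is_masquerading(p)]


# Constructed sample of file paths as a host inventory might list them.
SAMPLE = [
    r"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe",
    r"C:\Windows\System32\svchost.exe",
    r"C:\Users\Public\Libraries\AcroRd32.exe",
    r"C:\ProgramData\Updates\svchost.exe",
    r"C:\Windows\explorer.exe",
]

if __name__ == "__main__":
    for p in find_masquerades(SAMPLE):
        print("suspicious:", p)
```

A path check on its own is a weak signal; on a live host, pair it with code-signing verification of the flagged file and with the hash and network indicators from the vendor report.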
As coverage continues, Silobreaker users can easily set up a dashboard to automatically collect, alert, analyse, monitor and visualise mentions of Sowbug from hundreds of thousands of open sources in real time.
Screenshot 1 – Real-time link analysis leveraging unstructured open source data to detect relationships between various entities. This link analysis gives timely and intuitive insights into the associations surrounding Sowbug including related malware, IOCs, command & control infrastructure, affected countries and affected products.
Screenshot 2 – A Silobreaker dashboard automatically collecting and contextualising data in relation to Sowbug as and when it’s published. This is a great way to keep on top of developments whilst allowing Silobreaker’s analytical tools to make sense of the data via simple-to-disseminate visualisations, trends, link analyses and highlighting of specific entities such as IOCs.
To see further analysis of the Sowbug APT and other cyber threats to your organisation in Silobreaker, book an online demo today.
Disclaimer: Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.