Friday 20 May 2016

A Cyber-Espionage Group Targets The Indian Government As Well As Private Entities

A cyber-espionage group known as Suckfly is targeting governments and large private companies, primarily located in India. Its toolkit consists of a backdoor named Nidiran, a credential-dumping utility that Symantec detects as Hacktool, an exploit for the Windows OLE vulnerability CVE-2014-6332, and stolen digital certificates.

Suckfly's attacks have targeted the following sectors:
  • Government organisations (32 per cent),
  • Technology (29 per cent),
  • E-commerce (14 per cent),
  • Financial (14 per cent),
  • Shipping (7 per cent) and
  • Healthcare (4 per cent)

The group first came to Symantec's attention in March, when it was caught stealing digital certificates from a variety of South Korean companies.

A few months later, while examining the clues the group had left behind, Symantec's experts found Suckfly activity going back as early as April 2014.

Suckfly is focused on Indian targets.

The group primarily targeted Indian companies, but the researchers also discovered that it had compromised businesses in Saudi Arabia. Symantec says the group focused on two Indian government organisations, a large e-commerce company, one of the country's biggest financial groups, one of its top five IT companies, a shipping vendor, and a US-based healthcare provider that works with several Indian companies.

Apart from one privately owned company, the group spent more time attacking the two Indian government agencies than any other target.

Symantec's Jon DiMaggio reported that "There is no evidence that Suckfly gained any benefits from attacking the government organizations, but someone else may have benefited from these attacks. The nature of the Suckfly attacks suggests that it is unlikely that the threat group orchestrated these attacks on their own."

Suckfly uses APT-style tactics.

Symantec's analysis of Suckfly's mode of operation reveals the same tactics used by most APT groups engaged in cyber-warfare and economic espionage.

Suckfly's attacks begin with spear-phishing emails that deliver booby-trapped documents. These files exploit CVE-2014-6332 to infect the target with the Nidiran backdoor, which the attackers then use to install Hacktool, a password-dumping utility.

The attackers then use the dumped passwords to explore the surrounding network, collect any potentially interesting data, and use the backdoor again to send it off to their servers.

Symantec also noticed that these attacks took place only on weekdays, when the group could be sure of finding people at work to read the spear-phishing emails.
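As an added illustration of how a defender might look for the chain described above (document exploit, credential dumping, outbound exfiltration) and check the weekday pattern Symantec noticed, here is a small Python correlation script. It is not Symantec's code and not part of the original post; the telemetry format, the list of document-handling processes, the one-hour window, the placeholder tool name creddump.exe and the sample events are all constructed assumptions, because the post gives no actual file names or indicators for Nidiran or Hacktool.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Processes treated as "document handlers" (assumed list, not from Symantec's report).
# CVE-2014-6332 is an OLE/VBScript bug reached through Office documents or Internet Explorer.
DOC_HANDLERS = {"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE", "iexplore.exe"}
# Placeholder for a credential-dumping tool; the post only gives Symantec's generic "Hacktool" label.
CRED_TOOLS = {"creddump.exe"}

# Constructed endpoint telemetry in an assumed "timestamp|host|event|key=value ..." format.
# 2016-04-18 is a Monday, 2016-04-19 a Tuesday, 2016-04-23 a Saturday.
SAMPLE_EVENTS = """\
2016-04-18T09:12:03|WS-FIN-07|proc_start|parent=WINWORD.EXE child=cmd.exe
2016-04-18T09:12:41|WS-FIN-07|proc_start|parent=cmd.exe child=creddump.exe
2016-04-18T09:20:15|WS-FIN-07|net_conn|dst=203.0.113.45:443 proc=svchost.exe
2016-04-19T14:03:00|WS-HR-02|proc_start|parent=WINWORD.EXE child=splwow64.exe
2016-04-23T11:30:00|WS-IT-11|proc_start|parent=EXCEL.EXE child=cmd.exe
2016-04-23T11:31:10|WS-IT-11|proc_start|parent=cmd.exe child=creddump.exe
"""


def parse_event(line):
    """Split one telemetry line into a dict with a datetime, host, event kind and key=value fields."""
    ts, host, kind, detail = line.strip().split("|", 3)
    fields = dict(kv.split("=", 1) for kv in detail.split())
    return {"ts": datetime.fromisoformat(ts), "host": host, "kind": kind, **fields}


def correlate(lines, window=timedelta(hours=1)):
    """Return one alert per host that reached at least the credential-dumping stage.

    Stage 1: a document handler spawns an unexpected child (the booby-trapped document fires).
    Stage 2: a credential-dumping tool starts within `window` of stage 1.
    Stage 3: an outbound connection follows within `window` of stage 2 (data sent to the attackers).
    """
    by_host = defaultdict(list)
    for line in lines:
        if line.strip():
            ev = parse_event(line)
            by_host[ev["host"]].append(ev)

    alerts = []
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e["ts"])
        stage, first_ts, last_ts = 0, None, None
        for ev in evs:
            if (stage == 0 and ev["kind"] == "proc_start"
                    and ev.get("parent") in DOC_HANDLERS
                    and ev.get("child") not in DOC_HANDLERS):
                stage, first_ts, last_ts = 1, ev["ts"], ev["ts"]
            elif (stage == 1 and ev["kind"] == "proc_start"
                    and ev.get("child") in CRED_TOOLS
                    and ev["ts"] - last_ts <= window):
                stage, last_ts = 2, ev["ts"]
            elif (stage == 2 and ev["kind"] == "net_conn"
                    and ev["ts"] - last_ts <= window):
                stage, last_ts = 3, ev["ts"]
        if stage >= 2:
            alerts.append({
                "host": host,
                "stage": stage,
                "first_seen": first_ts,
                "weekday": first_ts.weekday() < 5,  # Monday..Friday -> True
            })
    return alerts


def weekday_split(alerts):
    """Count alerts whose first stage fell on a weekday versus a weekend, to compare against
    Symantec's observation that the campaign only ran on working days."""
    weekday = sum(1 for a in alerts if a["weekday"])
    return {"weekday": weekday, "weekend": len(alerts) - weekday}


if __name__ == "__main__":
    found = correlate(SAMPLE_EVENTS.splitlines())
    for a in found:
        print(f'{a["host"]}: reached stage {a["stage"]}, started {a["first_seen"]:%Y-%m-%d %a}')
    print(weekday_split(found))
```

On the constructed sample, WS-FIN-07 completes all three stages on a Monday, WS-HR-02 stops at stage 1 (an Office process spawning a print helper is not enough on its own) and is not alerted, and WS-IT-11 reaches the credential-dumping stage on a Saturday, which a hunter would weigh against the weekday-only pattern reported above. Real telemetry would need the document-handler and tool lists tuned to the environment, and the stage-1 rule is deliberately broad, so it should feed a correlation rather than alert by itself.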

At the moment, security researchers cannot say with certainty whether the group is state-sponsored.

