Symantec has published a blog sharing their research into Suckfly’s advanced espionage attempts on Indian government and commercial organizations; speculated intent to disrupt economy
Symantec has published a blog on the activities of Suckfly, an advanced cyberespionage group that conducted long-term espionage campaigns against high-profile targets, including government and commercial organizations in India. Symantec identified a number of attacks over a two-year period, beginning in April 2014. These attacks occurred in several different countries, but Symantec’s investigation revealed that the primary targets were individuals and organizations located in India. The Indian targets show a greater amount of post-infection activity than targets in the other regions. This suggests that these attacks were part of a planned operation against specific targets in India. The Symantec blog takes an in-depth look at Suckfly’s activities in India along with its attack lifecycle.
As per the press release, many of the targets Symantec identified were well-known commercial organizations located in India. These organizations included:
• One of India’s largest financial organizations
• A large e-commerce company
• The e-commerce company’s primary shipping vendor
• One of India’s top five IT firms
• A United States health care provider’s Indian business unit
• Two government organizations
Suckfly spent more time attacking the government networks compared to all but one of the commercial targets. Additionally, one of the two government organizations had the highest infection rate of the Indian targets. This government organization is linked to departments of India’s central government and is responsible for implementing network software for different ministries and departments. The high infection rate for this target is likely because of the organization’s access, technology, and information that it has on other Indian government organizations. Suckfly’s attacks on government organizations that provide information technology services to other government branches are not limited to India. The group has conducted attacks on similar organizations in Saudi Arabia, likely because of the access that those organizations have.
While most of the Suckfly group’s attacks are focused on government organizations (32%), technology (29%), e-commerce (14%), financial (14%), shipping (7%) and healthcare (4%) were also targeted by this group. Suckfly targeted one of India’s largest e-commerce companies, a major Indian shipping company, one of the largest financial organizations, and an IT firm that provides support for India’s largest stock exchange. All of these targets are large corporations that play a major role in India’s economy. Attacking one of these organizations would be detrimental to that organization. By targeting all of these organizations together, Suckfly could have had a much larger impact on India and its economy.
Suckfly has the resources to develop malware, purchase infrastructure, and conduct targeted attacks for years while staying off the radar of security organizations. Symantec believes that Suckfly will continue to target organizations in India, and similar organizations in other countries, to provide economic insight to the organization behind Suckfly’s operations, said the release.