Friday, April 25, 2025
HomeHacksDangerous Cyber Espionage Group Called Sowbug Spotted Conducting High Profile Cyber Attacks

Dangerous Cyber Espionage Group Called Sowbug Spotted Conducting High Profile Cyber Attacks

Published on

SIEM as a Service

Follow Us on Google News

A New Hacking and Cyber Espionage Group Called Sowbug launching highly targeted cyber attacks targetting South America and Southeast Asia. They are mounting attacks with classic espionage techniques and steals documents from organizations.

Snowbug primarily focussing on government entities in South America and Southeast Asia and infiltrated to organizations in Argentina, Brazil, Ecuador, Peru, Brunei, and Malaysia.

Symantec uncovered this Cyber Espionage group, the first evidence of them was found in March 2017 where the Hackers using a piece of malware called Felismus to attack the target in Southeast Asia. With their further analysis, the security analyst found them in the first intrusion in early 2015.

- Advertisement - Google News

Also Read: Dangerous Keylogger Found in MantisTek GK2 Keyboard that Capture Users Data and Sending into China

They use to maintain a long-term presence and perform reconnaissance activities through CMD and collects system and network related information.

According to Symantec The first evidence of its intrusion dated from May 6, 2015, but activity appeared to have begun in earnest on May 12. The attackers appeared to be interested in one division of the ministry that is responsible for relations with the Asia-Pacific region. They attempted to extract all Word documents stored on a file server belonging to this division by bundling them into a RAR archive by running the following command:
cmd.exe /c c:\windows\rar.exe a -m5 -r -ta20150511000000 -v3072 c:\recycler\[REDACTED].rar “\\[REDACTED]\*.docx” \\[REDACTED]\*.doc.

 Cyber Espionage Group “Snowbug” Infiltration

Their infiltration to the target network still remains unknown and still, there are no traces on how Felismus enters into victims computer.

The Cyber Espionage Group is well equipped, capable of attacking multiple targets simultaneously and will often work outside the working hours of targeted organizations in order to maintain a low profile.

According to analysis from Forcepoint, the malware appears to be modular and capable of self-updating and the executable is written with obfuscation methods to harden analysis and reverse engineering effects.

Felismus installed through Starloader, according to Symantec attackers may be providing fake updates or through the Starloader files being named AdobeUpdate.exe, AcrobatUpdate.exe, and INTELUPDATE.EXE among others.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Chrome UAF Process Vulnerabilities Actively Exploited

Security researchers have revealed that two critical use-after-free (UAF) vulnerabilities in Google Chrome’s Browser...

Microsoft Defender XDR False Positive Leaked Massive 1,700+ Sensitive Documents to Publish

An alarming data leak involving Microsoft Defender XDR has exposed more than 1,700 sensitive...

‘SessionShark’ – A New Toolkit Bypasses Microsoft Office 365 MFA Security

Security researchers have uncovered a new and sophisticated threat to Microsoft Office 365 users:...

Hackers Exploit MS-SQL Servers to Deploy Ammyy Admin for Remote Access

A sophisticated cyberattack campaign has surfaced, targeting poorly managed Microsoft SQL (MS-SQL) servers to...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Gain Legends International Suffers Security Breach – Customers Data Stolen

Gain Legends International, a prominent name in sports, entertainment, and venue management, has confirmed...

Over 17,000 Fortinet Devices Hacked Using Symbolic Link Exploit

A major cyberattack has compromised more than 17,000 Fortinet devices globally, exploiting a sophisticated...

Hacktivist Group Becomes More Sophisticated, Targets Critical Infrastructure to Deploy Ransomware

A recent report by Cyble has shed light on the evolving tactics of hacktivist...