Security firm Symantec has come out with a new report which brings to light the activities of a cyberespionage group called Suckfly which targets Indian organizations. The attackers first arrived on the international scene back in March 2016 when they conducted attacks against a South Korean company to steal their digital certificates.
Since then, Symantec has traced attacks on a number of high-profile targets, starting from April 2014, back to Suckfly. While the attacks spanned a number of different nations, the security company’s investigation claims that the primary targets of these assaults were governments and organizations based in India.
To make things worse, Indian firms showed a greater amount of post-infection activity via Suckfly’s custom Backdoor.Nidiran malware compared to businesses in other places. Symantec thinks this demonstrates that the attacks were part of a planned operation against particular targets in India.
Although the report did not name which organizations in India were affected by these attacks, Symantec mentions that they are well-known commercial businesses. The list includes a large e-commerce site, its shipping vendor, a top five IT firm, two government bodies, and a US-based healthcare provider’s Indian business unit.
Symantec asserts that Suckfly spent most of its energy hacking into the government’s network. One of the departments affected is in charge of implementing network software for a number of ministries and departments under the central government. The company believes this is mostly due to that department’s access to technology and data covering a wide range of Indian government organizations.
Symantec hasn’t been able to determine the motivation behind the attacks yet, but thinks it’s unlikely Suckfly devised these assaults on their own.