This hacker group targets SEA and South American governments, steals data remotely
It has been discovered that a mysterious hacking and infiltration group has been using malware to steal valuable data from targeted governments. The group responsible for the attacks, Sowbug is targeting foreign policy institutions, as well as diplomats in South East Asia and South America and have been around at least since the beginning of 2015.
A covert process helped the group maintain their secrecy as they have been implementing campaigns unbeknownst to governments, for up to six months. According to Symantec, governments in Argentina, Peru, Ecuador, Brazil, Brunei, as well as Malaysia were Sowbug victims. The attackers use a backdoor trojan Felismus in their attacks that allows them to infiltrate, perform key-logging, avoid being detected, as well as send out more malware.
The hackers are well-versed in their field, and are formidable enough to simultaneously invade targets during their operations, which happened outside working hours, to remain discreet. Once they have a hold of a system, attackers sometimes disguise their malware as common applications, like Adobe Reader.
Based on how low-profile the attacks were, is it still unclear as to how Felismus infects a targeted network. There have been speculations that it was dispatched from a system on the network that had already been compromised. It has also been theorized that Felismus is installed through a malware loader called Starloader. There is another guess that says Starloader was disguised as bogus software updates, as Starloader files AdobeUpdate.exe, AcrobatUpdate.exe, and INTELUPDATE.EXE and more were discovered by security researchers.