May 18, 2016
A cyber-espionage group called Suckfly is targeting governments and large enterprises, mainly in India, using a backdoor named Nidiran, a credential-dumping tool detected as Hacktool, an exploit for CVE-2014-6332 (a remote code execution flaw in Windows OLE automation, typically delivered through Internet Explorer), and stolen code-signing certificates.
The group first came to Symantec’s attention when, in March, it was caught stealing digital certificates from various South Korean companies.
Two months later, while following up on clues the group left behind, Symantec researchers found evidence of Suckfly activity going back as early as April 2014.
Suckfly group focused on Indian targets
The group mainly targeted Indian organizations, but researchers also found compromised businesses in Saudi Arabia. Symantec says the Indian victims included two government organizations, a large e-commerce company and its primary shipping vendor, one of the country's biggest financial groups, one of its top five IT companies, and the Indian business unit of a US-based healthcare provider.
Apart from one commercial victim, the group spent more time inside the networks of the two Indian government organizations than on any other target.