A Cyber espionage group that specifically targets Indian entities

Key targets include well-known financial institution, a large e-commerce firm, a top-five IT firm, two govt organisations

In March 2016, Suckfly, an advanced cyber espionage group that conducted attacks against a number of South Korean organisations to steal digital certificates was reported by security solutions firm Symantec. However, the company in its latest blog stated that the primary targets for this attack were individuals and organisations primarily located in India.

The attacks focused on high-profile targets, including government and commercial organizations. While there have been several Suckfly campaigns that infected organizations with the group's custom malware Backdoor.Nidiran, the Indian targets show a greater amount of post-infection activity than targets in other regions. "This suggests that these attacks were part of a planned operation against specific targets in India," said Jon DiMaggio of Symantec in his blog.

 

Many of the targets identified by Symantec were well known commercial organisations located in India. These include one of India's largest financial organisations, a large e-commerce company, the e-commerce firm's primary shipping vendor, one of India's top five IT firms, a US healthcare provider's Indian business unit and two government organisations.

Suckfly spent more time attacking the government networks compared to all but one of the commercial targets. Additionally, one of the two government organizations had the highest infection rate of the Indian targets.

"Indian government org #2 is responsible for implementing network software for different ministries and departments within India's central government. The high infection rate for this target is likely because of its access to technology and information related to other Indian government organizations," said the blog.

The blog further added that by targeting all of these organisations together, Suckfly could have had a much larger impact on India and its economy. "While we don't know the motivations behind the attacks, the targeted commercial organisations, along with the targeted government organisations, may point in this direction," said the blog.

Most of Suckfly group's attacks are focused on government organisations (32 per cent), technology (29 per cent), e-commerce (14 per cent), financial (14 per cent), shipping (7 per cent) and healthcare (4 per cent) were also targeted by this group

In 2015, Symantec's Internet Security threat Report (ISTR) had highlighted the rise in targeted attacks aimed at Indian businesses dealing with critical infrastructure. Further the latest edition of the report (ISTR 21) highlighted that Indian organisations were the sixth most targeted in Asia, with targeted organizations on the receiving end of two attacks on an average. Almost 40 per cent of BFSI businesses were also attacked at least once.