India has become the latest target of cyberespionage. A hacker group going by the name of Suckfly has been targeting Indian government and commercial organisations by focusing on high-profile individuals and installing spyware on their work networks to access sensitive information.
Security firm Symantec first uncovered the hacker group's activities when it began targeting South Korean organisations in March 2016. However, a more in-depth analysis led the researchers to discover that the group, which has developed a custom malware called Backdoor.Nidiran, had also been targeting major government and commercial organisations in India.
Although Symantec has not revealed the identity of the organisations and individuals that have been targeted, it did indicate that one of India's top financial institutions, an IT company, an e-commerce firm and two separate government organisations were among those that were targeted by Suckfly.
Symantec senior threat intelligence analyst Jon DiMaggio said in a company blog: "We have identified a number of attacks over a two-year period, beginning in April 2014, which we attribute to Suckfly. The attacks targeted high-profile targets, including government and commercial organizations. These attacks occurred in several different countries, but our investigation revealed that the primary targets were individuals and organizations primarily located in India."
According to the security firm, the cyberespionage group's campaign against India first began in April 2014 and has since targeted several organisations within and outside the borders of India, including the Indian branch of a US healthcare provider. The hacker group's methodology involved zeroing in on a key employee and infecting that person's system with malware, which would then be used to mount a systematic phishing campaign to gather intelligence.
Most notably, when researchers analysed the timing of the instructions sent, they discovered that the hacker group had no activity during weekends. This led Symantec to conclude that the hacker group is professional rather than amateur, also indicating that the operation could be state-sponsored.
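The timing analysis described above, reduced to code: this is an added example, not Symantec's own tooling, that buckets C2 command timestamps by local weekday and searches for the UTC offset under which the activity best fits a working week. The beacon data is constructed, and the hypothetical UTC+8 operator zone and the 09:00-18:00 working window are assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone


def constructed_beacons(offset_hours=8, start="2014-04-07", days=14):
    """Constructed sample (not data from the Symantec report): one C2 command
    per hour, 09:00-17:00 local time, Monday to Friday, issued by a
    hypothetical operator in UTC+offset_hours. Returned as UTC ISO-8601 strings,
    the form in which a sensor or proxy log would usually record them."""
    tz = timezone(timedelta(hours=offset_hours))
    first = datetime.fromisoformat(start).replace(tzinfo=tz)
    out = []
    for d in range(days):
        day = first + timedelta(days=d)
        if day.weekday() >= 5:  # operator skips Saturday and Sunday
            continue
        for hour in range(9, 18):
            local = day.replace(hour=hour)
            out.append(local.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"))
    return out


def parse_utc(lines):
    """Parse UTC 'YYYY-MM-DDTHH:MM:SSZ' strings into aware datetimes."""
    return [datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
            for s in lines]


def weekday_profile(events, offset_hours=0):
    """Count events per local weekday (0=Mon .. 6=Sun) under a candidate offset."""
    tz = timezone(timedelta(hours=offset_hours))
    return Counter(e.astimezone(tz).weekday() for e in events)


def weekend_fraction(events, offset_hours=0):
    """Share of events that land on Saturday/Sunday in the candidate zone;
    a value near zero is the 'no weekend activity' signal the analysts used."""
    prof = weekday_profile(events, offset_hours)
    total = sum(prof.values())
    return (prof[5] + prof[6]) / total if total else 0.0


def best_utc_offset(events, work_start=9, work_end=18):
    """Return the UTC offset under which the most events fall inside
    [work_start, work_end); ties go to the offset nearest UTC."""
    def in_hours(off):
        tz = timezone(timedelta(hours=off))
        return sum(work_start <= e.astimezone(tz).hour < work_end for e in events)
    return max(range(-12, 15), key=lambda off: (in_hours(off), -abs(off)))
```

Run against real C2 logs, `best_utc_offset` only narrows the operator's zone to a band of adjacent offsets; it should be read alongside `weekend_fraction` and other evidence, not as a standalone attribution.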
So far, the origins and identity of Suckfly remain a mystery; however, the evidence shows that its targets have been in South Korea, Saudi Arabia and India.
"The nature of the Suckfly attacks suggests that it is unlikely that the threat group orchestrated these attacks on their own. We believe that Suckfly will continue to target organizations in India and similar organizations in other countries in order to provide economic insight to the organization behind Suckfly's operations," DiMaggio said.