Hacker group targeting governments in South America, Asia
A new hacker group is stealing documents from South American and Southeast Asian government institutions and diplomats, researchers at Symantec claim.
According to a report released Tuesday, the group has been active since at least early 2015 and has hit targets in Argentina, Brazil, Ecuador, Peru, Brunei and Malaysia.
“The attacks are modular and designed to be difficult to analyze,” said Alan Neville, a threat intelligence analyst for Symantec.
Neville added that Symantec had seen open source tools and credential harvesting tools grafted on to the malware used in the attack.
The researchers believe the group is well-resourced and capable of running multiple operations at the same time.
Symantec is calling the group Sowbug. The Symantec report fills in a few details from an earlier report from Forcepoint, which discovered the Trojan horse malware being used in the attack but did not expound upon the attackers and targets in the attack.
That Trojan, known as Felismus, was profiled by Forcepoint in May. It takes its cat-themed name from an encryption key Forcepoint found in the code, “Tom&Jerry@14here.”
Symantec is unsure how the attackers lure victims into installing the malware.