Symantec has identified Sowbug, a previously unknown threat actor, conducting highly targeted cyber attacks against organizations primarily in South America and Southeast Asia. The group appears heavily focused on foreign policy institutions and diplomatic targets, carrying out classic espionage operations and stealing documents from the organizations it infiltrates. The first evidence of Sowbug-related activity was uncovered in March 2017 with the discovery of a new piece of malware, named Felismus, used against a target in Southeast Asia. However, the link between Felismus and Sowbug was not established until recently. To date, Sowbug has been observed mainly targeting government entities in Argentina, Brazil, Ecuador, Peru, Brunei, and Malaysia.
How Sowbug gains initial access to a target's network remains unclear. Once inside, however, the group tends to maintain a long-term presence, sometimes remaining within a victim's environment for up to six months. For instance, in September 2016, Sowbug infiltrated an organization in Asia, deploying the Felismus backdoor on one of its computers under the file name adobecms.exe in CSIDL_WINDOWS\debug. This stealthy and persistent approach underscores the sophisticated nature of Sowbug's operations.
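A defensive hunt over process-creation records for the artifact described above (adobecms.exe under the Windows debug directory), added here as an example; it is not Symantec's code or a detection from the report. It assumes CSIDL_WINDOWS resolves to C:\Windows, uses a constructed key=value log format, and the "any executable in Windows\debug" heuristic is an assumption of this example rather than a finding from the page.

```python
import re
from typing import List, Optional, Tuple

# Indicator from the report: Felismus was dropped as adobecms.exe in CSIDL_WINDOWS\debug.
# Assumption: CSIDL_WINDOWS resolves to the Windows directory (usually C:\Windows).
IOC_FILENAME = "adobecms.exe"
WINDOWS_DEBUG_DIR = re.compile(r"^[a-z]:\\windows\\debug\\", re.IGNORECASE)

def parse_event(line: str) -> dict:
    """Parse a constructed 'Key=value|Key=value' process-creation record (hypothetical format)."""
    return dict(kv.split("=", 1) for kv in line.strip().split("|"))

def classify(image: str) -> Optional[str]:
    """Return why an image path is suspicious, or None if it matches nothing."""
    normalized = image.strip('"').replace("/", "\\")
    in_debug_dir = bool(WINDOWS_DEBUG_DIR.match(normalized))
    name = normalized.rsplit("\\", 1)[-1].lower()
    if in_debug_dir and name == IOC_FILENAME:
        return "exact indicator: adobecms.exe in Windows\\debug"
    if name == IOC_FILENAME:
        return "indicator filename outside the reported directory (weaker match)"
    if in_debug_dir and name.endswith(".exe"):
        # Assumption (not from the report): Windows\debug normally holds log
        # files, so any executable started from there deserves a look.
        return "executable launched from Windows\\debug"
    return None

def hunt(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Run classify() over each record; return (host, image, reason) for each hit."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        image = ev.get("Image", "")
        reason = classify(image)
        if reason:
            findings.append((ev.get("Host", "?"), image, reason))
    return findings

# Constructed sample telemetry, not data from the report.
SAMPLE_EVENTS = [
    "Host=ws01|Image=C:\\Windows\\debug\\adobecms.exe|User=CORP\\alice",
    'Host=ws02|Image="c:\\WINDOWS\\Debug\\ADOBECMS.EXE"|User=CORP\\bob',
    "Host=ws03|Image=C:\\Program Files\\Adobe\\adobecms.exe|User=CORP\\carol",
    "Host=ws04|Image=C:\\Windows\\debug\\helper.exe|User=NT AUTHORITY\\SYSTEM",
    "Host=ws05|Image=C:\\Windows\\System32\\svchost.exe|User=NT AUTHORITY\\SYSTEM",
]

for host, image, reason in hunt(SAMPLE_EVENTS):
    print(f"{host}: {image} -> {reason}")
```

The match is case-insensitive and tolerant of quoted paths, so the same rule can be pointed at real Sysmon or EDR process-creation exports once the parser is swapped for that source's format.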
The emergence of Sowbug serves as a reminder that no region is immune to cyber espionage threats, especially given the steady increase in active operations in recent years. Customers with Intelligence Services or WebFilter-enabled products are protected against activities associated with the Sowbug group. As such, it is crucial for organizations to stay vigilant, adopt robust cybersecurity measures, and remain updated about evolving threat actors and their tactics.
Description last updated: 2023-11-29T01:41:46.086Z