Suckfly

Threat Actor Profile Updated 4 days ago
Suckfly, an advanced threat group, has been identified as conducting targeted attacks using multiple stolen certificates, hacktools, and custom malware. The group is not the only one to use stolen certificates to sign malware, but it is possibly the most prolific collector of them. Its broad arsenal of hacktools and malware variants suggests a high level of sophistication and resource availability. Over the years, Suckfly has managed to stay off the radar of security organizations while continually developing malware, purchasing infrastructure, and carrying out targeted attacks. The group has been linked to several subgroups that form part of the APT41 collective, including Wicked Panda, Winnti, and Barium. Security researchers, including those at Symantec and Trend Micro, have tracked its activities and put in place specific detections to protect against Suckfly's malware. However, the nature of Suckfly's operations indicates that it is unlikely to be orchestrating these attacks independently. Suckfly's targets have included some of India's largest organizations, such as a major e-commerce company, a significant shipping company, a leading financial organization, and an IT firm supporting the country's largest stock exchange. By targeting these entities collectively, Suckfly could potentially have a substantial impact on India and its economy. Given this pattern, it is expected that Suckfly will continue to target similar organizations in India and other countries to provide economic insight to the entity behind its operations.
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
ID | Votes | Profile Description
Earth Freybug | 1 | Earth Freybug is a threat actor that has been active since at least 2012, engaging in cyber espionage and financially motivated activities. It's considered a subset of APT41, a collective of Chinese threat groups known by various names such as Winnti, Wicked Panda, Barium, and Suckfly. Earth Freybug
Winnti | 1 | Winnti is a sophisticated threat actor group, first identified by Kaspersky in 2013, with activities dating back to at least 2007. The group has been associated with the Chinese nation-state and is part of a collective known as APT41, which also includes subgroups like Wicked Panda, Suckfly, and Bar
Wicked Panda | 1 | Wicked Panda, also known as APT41, Double Dragon, and Bronze Atlas, is a state-sponsored threat actor originating from China. Recognized as one of the top cyber threats by the Department of Health and Human Services' Health Sector Cybersecurity Coordination Center, this group has been associated wit
Barium | 1 | Barium, also known as BRONZE ATLAS and part of the APT41 collective, is a China-linked cyberespionage group that has been active since at least 2007. It is associated with several other subgroups, including Wicked Panda, Winnti, Suckfly, and Blackfly. This threat actor has been responsible for vario
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Symantec
Apt
Malware
exploited
Vulnerability
Windows
India
Government
Exploit
Associated Malware
ID | Type | Votes | Profile Description
Nidiran | Unspecified | 1 | Nidiran is a form of malware, a harmful software designed to exploit and damage computer systems, often infiltrating systems through suspicious downloads, emails, or websites without the user's knowledge. Nidiran was utilized by Suckfly, a cybercriminal group, in their attacks, where they delivered
Stuxnet | Unspecified | 1 | Stuxnet, a notorious malware discovered in 2010, is one of the most infamous Advanced Persistent Threat (APT) attacks in history. This military-grade cyberweapon was co-developed by the United States and Israel to specifically target Iran's nuclear enrichment facility at Natanz. The Stuxnet worm, a
Associated Threat Actors
ID | Type | Votes | Profile Description
Blackfly | Unspecified | 1 | Blackfly is a threat actor, tracked by Symantec, that has been involved in cyber-attacks primarily targeting South Korean companies, especially those in the video game and software development industry. The group initiated its activities with a campaign to steal certificates, which were later utiliz
APT41 | is related to | 1 | APT41, also known as Winnti, Wicked Panda, and Wicked Spider, is a sophisticated threat actor attributed to China. This group has been active since at least 2012, targeting organizations across 14 countries. The group is known for its extensive use of various code families and tools, with at least 4
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Suckfly Threat Actor was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
DARKReading | 4 days ago | China's APT41 Targets Global Logistics, Utilities Companies
DARKReading | 4 months ago | China-Linked Threat Actor Hides Via 'Peculiar' Malware
MITRE | a year ago | Endpoint Protection - Symantec Enterprise
MITRE | a year ago | Endpoint Protection - Symantec Enterprise