Security solutions provider Symantec has revealed the activities of Suckfly, an advanced cyberespionage group that conducted long-term espionage campaigns against high-profile targets, including government and commercial organisations in India. Sharing more details in a blog, Symantec identified a number of attacks over a two-year period beginning in April 2014. These attacks occurred in several different countries, but Symantec’s investigation revealed that the primary targets were individuals and organisations located in India. The Indian targets show a greater amount of post-infection activity than targets in the other regions. This suggests that these attacks were part of a planned operation against specific targets in India. The Symantec blog takes an in-depth look at Suckfly’s activities in India along with its attack lifecycle.
Many of the targets Symantec identified were well-known commercial organisations located in India. These organisations include one of India’s largest financial organisations, a large e-commerce company, one of India’s top five IT firms and two government organisations, among others. Suckfly spent more time attacking the government networks than it did all but one of the commercial targets. Additionally, one of the two government organisations had the highest infection rate of the Indian targets.
The second Indian government organisation attacked is linked to departments of India’s central government and is responsible for implementing network software for different ministries and departments. The high infection rate for this target is likely because of the access, technology, and information that the organisation has on other Indian government organisations. Symantec adds that Suckfly’s attacks on government organisations that provide information technology services to other government branches are not limited to India. The group has conducted attacks on similar organisations in Saudi Arabia, likely because of the access that those organisations have.
While the largest share of the Suckfly group’s attacks focused on government organisations (32 percent), the technology (29 percent), e-commerce (14 percent), financial (14 percent), shipping (7 percent) and healthcare (4 percent) sectors were also targeted. Suckfly has the resources to develop malware, purchase infrastructure, and conduct targeted attacks for years while staying off the radar of security organisations. Symantec believes that Suckfly will continue to target organisations in India, and similar organisations in other countries, in order to provide economic insight to the organisation behind Suckfly’s operations.