Sowbug
Overview
Sowbug is a threat group that has conducted targeted attacks against organizations in South America and Southeast Asia, particularly government entities, since at least 2015.
Targets
Government
Regions
Argentina · Brazil · Brunei · Ecuador · Malaysia · Peru
TTPs — 9 techniques across 5 tactics
Execution
- T1059.003 Windows Command Shell
Stealth
Credential Access
- T1003 OS Credential Dumping
Discovery
- T1082 System Information Discovery
- T1083 File and Directory Discovery
- T1135 Network Share Discovery
Collection
- T1039 Data from Network Shared Drive
- T1056.001 Keylogging
- T1560.001 Archive via Utility
Tools & malware (2)
Starloader · Felismus
Reporting (1)
- Sowbug: Cyber espionage group targets South American and Southeast Asian governments — Symantec Security Response