India major target of cyber attacks by Suckfly: Symantec

19 May 2016

Global cyber security leader Symantec on Wednesday warned that Indian government and commercial organisations will continue to be targets of cyber attacks by advanced cyber espionage group Suckfly.

In a blog post detailing the activities of Suckfly, Symantec named India among other countries whose organisations it believes will continue to be targeted.

Suckfly is known to have conducted cyber attacks on several Indian government and commercial organisations over a two-year period.

"Suckfly has the resources to develop malware, purchase infrastructure, and conduct targeted attacks for years while staying off the radar of security organisations. During this time, they were able to steal digital certificates from South Korean companies and launch attacks against Indian and Saudi Arabian government organisations," said Symantec in its blog post.

"The Indian targets show a greater amount of post-infection activity than targets in the other regions. This states that these attacks were part of a planned operation against specific targets in India," the blog post read.

Symantec also identified, without naming them, global targets across several industries that include one of India's largest financial organisations, a large ecommerce company, one of India's top five IT firms, a US health care provider's Indian business unit and two government organisations.

"An Indian government (organisation) is linked to departments of India's central government and is responsible for implementing network software for different ministries and departments. The high infection rate for this target is likely because of the organisation's access, technology and information that it has on other Indian government organisations," the post further read.

Suckfly's attacks on government organisations that provide information technology services to other government branches are not limited to India.

They have conducted attacks on similar organisations in Saudi Arabia, likely because of the access that those organisations have, said Symantec.