Sowbug

aka: G0054

Sowbug has been conducting highly targeted cyber attacks against organizations in South America and Southeast Asia and appears to be heavily focused on foreign policy institutions and diplomatic targets. Sowbug has been seen mounting classic espionage attacks by stealing documents from the organizations it infiltrates.


Associated Families
win.starloader win.felismus

References
2019, MITRE, MITRE ATT&CK
Group description: Sowbug
https://attack.mitre.org/groups/G0054/ (accessed 2019-12-20)
Sowbug
2019, Council on Foreign Relations, Cyber Operations Tracker
Sowbug
https://www.cfr.org/interactive/cyber-operations/sowbug (accessed 2019-12-20)
Sowbug
2017-11-07, Symantec, Symantec Security Response
Sowbug: Cyber espionage group targets South American and Southeast Asian governments
https://www.symantec.com/connect/blogs/sowbug-cyber-espionage-group-targets-south-american-and-southeast-asian-governments (accessed 2019-12-17)
Felismus StarLoader Sowbug

Credits: MISP Project