A sophisticated cyber espionage group is hacking computers belonging to governments in South America and Southeast Asia, security firm Symantec said in a report Tuesday.
The group, which Symantec has dubbed Sowbug, first came on the company’s radar in March, when it was spotted using previously unknown malware against a network in Southeast Asia. It appears to have been operating since at least 2015.
And while Symantec doesn’t have evidence that the attackers are affiliated with any particular government, the group is using advanced custom software tools and has been spotted looking for data linked to international relations. In one case, Sowbug hacked into a South American country’s foreign ministry, searching for Word documents from the branches handling Southeast Asian relations and working with international organizations.
“It’s definitely something that would be of interest to a nation state,” says Alan Neville, a threat intelligence analyst at Symantec.
Sowbug’s code has been spotted on computers in Argentina, Brazil, Ecuador, Peru, Brunei, and Malaysia, Symantec says. Cyber espionage has been less common in South America so far, the company said in a statement, though the practice has been on the rise across the world.
Russian government-affiliated hackers who meddled with last year’s U.S. election are alleged to have targeted thousands of other groups around the world, and American officials have blamed China in years past for massive international hacking operations. North Korea has been accused of sponsoring the hackers who infamously invaded Sony Pictures Entertainment and even…