Suckfly APT

Type: Cyber espionage/ Cyber criminal

Status: Active

Active Since/Discovered: 2014/2015

Last Report: June 2016

Targets: US, India, Saudi Arabia

Target Sectors: Healthcare, government, IT


  • At least 45 hacking tools and custom malware
  • Backdoor.Nidiran
  • Backdoor.Nidiran!g1
  • Hacktool
    • Password theft, reconnaissance and lateral movement

Preferred Attack Vector:  Spear phishing, Watering hole attacks and exploits


  • CVE-2014-6332
  • Custom malware signed with authentic code-signing certificates
  • Credential theft


  • Known for stealing code-signing certificates
  • Uses many of the same malware delivery techniques as the PlugX and Korplug campaigns
  • May be associated with Blackfly