By CagedTech in Trojans

Activity attributed to the Sweed hacking group was first spotted in 2017. The group has updated its arsenal constantly, and the tools it has relied on most are commodity information-stealing malware families: the Formbook malware, the Agent Tesla malware, and the Lokibot malware.

Preferred Propagation Method

The Sweed hacking group's preferred propagation method is phishing email. The messages are built around social-engineering lures so that they look as legitimate as possible, and they typically carry macro-laced attachments that contain the malware payload. A macro does not run until the recipient allows it, so the lure is written to persuade the victim to open the attachment and enable its content; once that happens, the macro executes the payload and the attackers gain a foothold on the system.

Shift to Microsoft Office Exploits

In its first campaigns, the Sweed hacking group delivered its threats inside a '.ZIP' archive attached to the email. The archive held a .NET payload, obfuscated to evade anti-malware tools, which served as a backdoor through which the attackers planted the Agent Tesla malware on the infected host. Since then, the group has evolved and now tends to use known Microsoft Office exploits such as CVE-2017-11882 (a memory-corruption flaw in the Office Equation Editor component) and CVE-2017-8759 (a code-injection flaw in the .NET Framework's SOAP WSDL parser, reachable from a crafted document). Microsoft patched both in late 2017, so these exploit documents only succeed on hosts that have not applied the corresponding updates.
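Triage logic for the delivery techniques described in the two sections above (macro-laced attachments in the phishing section; ZIP archives and Office exploit documents in this one), as an added example that is not part of the original article and is not the group's or any vendor's code. It statically inspects each attachment of a constructed phishing email: ZIP archives are checked for executables and opened one level deep, Office files for a VBA project, and RTF and OLE objects for the Equation Editor ProgID and stream name that CVE-2017-11882 documents carry and for the `soap:wsdl=` moniker prefix that CVE-2017-8759 documents use. The sample mail, its attachments, the file names and the finding tags are all constructed for illustration; the string indicators are a heuristic, and the RTF object decoding is a simplification that obfuscated real-world samples will evade.

```python
# Added example, not code from the original article or from any vendor.
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls container
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".js", ".vbs", ".bat", ".cmd")

# Indicators searched case-insensitively as ASCII and as UTF-16LE (OLE stores stream
# names in UTF-16LE). "Equation.3"/"Equation Native" identify Equation Editor objects
# (CVE-2017-11882 documents); "soap:wsdl=" is the CVE-2017-8759 moniker prefix.
INDICATORS = {
    b"Equation.3": "equation-editor-object",
    b"Equation Native": "equation-editor-object",
    b"soap:wsdl=": "soap-wsdl-moniker",
}

def _contains(blob: bytes, needle: bytes) -> bool:
    low, n = blob.lower(), needle.lower()
    return n in low or n.decode("ascii").encode("utf-16-le") in low

def _scan(blob: bytes) -> list[str]:
    return [tag for needle, tag in INDICATORS.items() if _contains(blob, needle)]

def _rtf_objdata(rtf: bytes) -> bytes:
    """Hex-decode every \\objdata blob (simplified: real samples obfuscate this)."""
    out = b""
    for m in re.finditer(rb"\\objdata\s*([0-9a-fA-F\s]+)", rtf):
        hexstr = re.sub(rb"\s", b"", m.group(1))
        out += bytes.fromhex(hexstr[: len(hexstr) & ~1].decode("ascii"))
    return out

def triage(filename: str, data: bytes, depth: int = 0) -> list[str]:
    """Sorted finding tags for one attachment; recurses one level into ZIP archives."""
    findings: list[str] = []
    if data.startswith(b"PK\x03\x04"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                blobs = {m: zf.read(m) for m in zf.namelist()}
        except zipfile.BadZipFile:
            return ["corrupt-zip"]
        if any(m.lower().endswith("vbaproject.bin") for m in blobs):
            findings.append("office-macro")          # OOXML keeps VBA in vbaProject.bin
        if "[Content_Types].xml" not in blobs:       # plain archive, not an OOXML file
            for m, blob in blobs.items():
                if m.lower().endswith(EXEC_EXT):
                    findings.append("executable-in-archive:" + m)
                if depth < 1:
                    findings += triage(m, blob, depth + 1)
        for blob in blobs.values():                  # e.g. embedded oleObject*.bin parts
            findings += _scan(blob)
    elif data.startswith(OLE_MAGIC):
        if _contains(data, b"_VBA_PROJECT"):         # VBA storage name (heuristic)
            findings.append("office-macro")
        findings += _scan(data)
    elif data.lstrip().startswith(b"{\\rtf"):
        findings += _scan(data + _rtf_objdata(data))
    return sorted(set(findings))

def triage_message(raw_eml: bytes) -> dict[str, list[str]]:
    """Map each attachment filename of an RFC 822 message to its findings."""
    msg = message_from_bytes(raw_eml, policy=policy.default)
    return {p.get_filename(): triage(p.get_filename(), p.get_payload(decode=True))
            for p in msg.iter_attachments() if p.get_filename()}

def build_sample_eml() -> bytes:
    """Constructed phishing mail whose attachments are benign stand-ins for each lure."""
    def zip_of(members: dict) -> bytes:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            for name, blob in members.items():
                zf.writestr(name, blob)
        return buf.getvalue()
    ooxml = {"[Content_Types].xml": b"<Types/>", "word/document.xml": b"<w:document/>"}
    docm = zip_of({**ooxml, "word/vbaProject.bin": b"not a real VBA project"})
    eqn_hex = "Equation Native".encode("utf-16-le").hex().encode()
    soap_hex = b"soap:wsdl=http://example.invalid/a.wsdl".hex().encode()
    attachments = {
        "invoice.zip": zip_of({"invoice.exe": b"MZ fake"}),
        "order.zip": zip_of({"order.docm": docm}),
        "quote.docx": zip_of(ooxml),
        "memo.doc": OLE_MAGIC + b"\0" * 8 + "_VBA_PROJECT_CUR".encode("utf-16-le"),
        "payment.rtf": b"{\\rtf1{\\object\\objemb{\\*\\objclass Equation.3}"
                       b"{\\*\\objdata " + eqn_hex + b"}}}",
        "contract.rtf": b"{\\rtf1{\\object{\\*\\objdata " + soap_hex + b"}}}",
    }
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.invalid", "b@example.invalid", "Invoice"
    msg.set_content("Please see the attached invoice.")
    for name, data in attachments.items():
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Calling `triage_message(build_sample_eml())` tags `invoice.zip` with the wrapped executable, both `order.zip` (through the nested `.docm`) and the legacy `memo.doc` with `office-macro`, `payment.rtf` with `equation-editor-object`, `contract.rtf` with `soap-wsdl-moniker`, and leaves the macro-free `quote.docx` clean. The two RTF indicators are looked for in the decoded `\objdata` as well as in the raw text because the OLE object, not the RTF wrapper, is where the exploit lives; a gateway rule that only string-matched the wrapper would miss it.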

Where the Sweed hacking group operates from is not yet known. Unlike hacking groups that concentrate their efforts on a specific region, the Sweed group has launched attacks all around the world, which makes it difficult for malware researchers to pinpoint its location. It is known to have run operations against targets in the United States, Russia, China, Canada, and several South American countries. It is important to note that the Sweed hacking group does not develop its own tools but instead buys and uses publicly available hacking tools. However, many hacking groups have started this way and later developed the technical skills to build their own tooling.
