High-level corporate attacks

July 10, 2015 | July 15th, 2016 | IT Support in Toronto

Butterfly: Profiting from high-level corporate attacks

Multi-billion dollar corporations hit by secretive attack group.

http://www.symantec.m_medium=social&utm_source=linkedin.com&utm_campaign=buffer

A corporate espionage group has compromised a string of major corporations over the past three years in order to steal confidential information and intellectual property. The gang, which Symantec calls Butterfly, is not state-sponsored; rather, it is financially motivated. It has attacked multi-billion dollar companies operating in the internet, IT software, pharmaceutical, and commodities sectors. Twitter, Facebook, Apple, and Microsoft are among the companies that have publicly acknowledged attacks.

Butterfly is technically proficient and well resourced. The group has developed a suite of custom malware tools capable of attacking both Windows and Apple computers, and appears to have used at least one zero-day vulnerability in its attacks. It keeps a low profile and maintains good operational security. After successfully compromising a target organization, it cleans up after itself before moving on to its next target.

This group operates at a much higher level than the average cybercrime gang. It is not interested in stealing credit card details or customer databases and is instead focused on high-level corporate information. Butterfly may be selling this information to the highest bidder or may be operating as hackers for hire. Stolen information could also be used for insider-trading purposes.

A history of ambitious attacks

The first signs of Butterfly’s activities emerged in early 2013 when several major technology and internet firms were compromised. Twitter, Facebook, Apple, and Microsoft disclosed that they had been compromised by very similar attacks. The attackers targeted victims by compromising a website used by mobile developers and using a Java zero-day exploit to infect them with malware.

The malware used in these attacks was a Mac OS X back door known as OSX.Pintsized. Subsequent analysis by security researcher Eric Romang identified a Windows back door, Backdoor.Jiripbot, which was also used in the attacks.

Following this flurry of publicity, the Butterfly group slipped back into the shadows. However, an investigation by Symantec has found that the group has been active since at least March 2012 and its attacks have not only continued to the present day, but have also increased in number. Symantec has to date discovered 49 different organizations in more than 20 countries that have been attacked by Butterfly. Over time, a picture has emerged of a cybercrime gang systematically targeting large corporations in order to steal confidential data.

Are your systems optimized for maximum speed and performance? (I can tell you, 99% of the computer networks we review are NOT.)

Call Group 4 Networks your IT Support provider from Toronto to help you with all your IT needs.
