
Butterfly: the cyber gang that stings like a bee, stealing corporate secrets

13th July 2015

by Shannon Greenhalgh

A group of cyber criminals is attacking multi-billion dollar companies across Europe, the US and Canada in order to gain confidential information and intellectual property, IT security firm Symantec has warned.

The corporate espionage group, which is not state-sponsored but financially motivated, has compromised a string of major corporations over the past three years, including those operating in the pharmaceutical, commodities, IT software and internet sectors – such as Twitter and Facebook.

Symantec is calling the attack group 'Butterfly'. However, there's nothing delicate about its impact. The group operates at a much higher level than the average cybercrime gang, bypassing credit card details or customer databases in favour of high-level corporate information.

Its motivations are to sell the information to the highest bidder, or the gang may be operating as hackers for hire, Symantec speculates. Or the stolen information may be used for insider trading purposes.

Information such as company emails, legal and policy documents, financial records, product descriptions and training documents has been targeted. The group may have accessed CCTV feeds too, showing the movement of people around buildings.

Previous attacks have been highly ambitious, with the attackers compromising a website used by mobile developers and using a Java zero-day exploit to infect victims with malware.

The gang is technically proficient and well resourced. It keeps a low profile and maintains good operational security. When it has compromised a target organisation, it even goes so far as cleaning up after itself before moving on to its next target.

Butterfly was first spotted in early 2013 but went underground following its exposure that year. However, Symantec has discovered that the group has been active since at least March 2012 – and its attacks have in fact increased in number.

To date, it has attacked 49 different organisations in more than 20 countries.

"Having managed to increase its level of activity over the past three years whilst maintaining a low profile, the group poses a threat that ought to be taken seriously by corporations," warns Symantec.

