A group of cyber criminals is attacking multi-billion dollar companies across Europe, the US and Canada in order to gain confidential information and intellectual property, IT security firm Symantec has warned.
The corporate espionage group, which is not-state sponsored but financially motivated, has compromised a string of major corporations over the past three years including those operating in the pharmaceutical, commodities, IT software and internet sectors – such as Twitter and Facebook.
Symantec is calling the attack group 'Butterfly'. However, there's nothing delicate about its impact. The group operates at a much higher level than the average cybercrime gang, bypassing credit card details or customer databases in favour of high-level corporate information.
Its motivations are to sell the information to the highest bidder, or the gang may be operating as hackers for hire, Symantec speculates. Or the stolen information may be used for insider trading purposes.
Information such as company emails, legal and policy documents, financial records, product descriptions and training documents have been targeted. The group may have accessed CCTV feeds too, showing the movement of people around buildings.
Previous attacks have been highly ambitious, with attackers infecting its victims by compromising a website used by mobile developers and using a Java zero day exploit to infect them with malware.
The gang is technically proficient and well resourced. It keeps a low profile and maintains good operational security. When it has compromised a target organisation, it even goes so far as cleaning up after itself before moving on to its next target.
Butterfly was first spotted in early 2013 but went underground following its exposure that year. However, Symantec has discovered that the group has been active since at least March 2012 – and its attacks have in fact increased in number.
To date, it has attacked 49 different organisations in more than 20 countries.
"Having managed to increase its level of activity over the past three years whilst maintaining a low profile, the group poses a threat that ought to be taken seriously by corporations," warns Symantec.
Copyright © Misco 2014. Misco is a trading name of Misco UK Ltd. All rights reserved. E&OE Registered in Scotland Number 114143. Registered Office: Caledonian Exchange, 19a Canning Street, Edinburgh, EH3 8HE. VAT number: 494 1756 15. All prices mentioned (pounds) exclude postage and packaging. All orders comply to Misco terms and conditions.