Cyber Espionage Group Butterfly Targeting Major Corporations

Corporate espionage group Butterfly has compromised a series of major corporations over the past three years, targeting confidential information and intellectual property. Symantec has been monitoring this group and working with its victims to track the attackers over the past two years. While tracking the group, Symantec found that Butterfly compromised high-profile companies operating in the Internet, IT software, pharmaceutical and commodities sectors. Twitter, Facebook, Apple, and Microsoft are among the companies that have publicly acknowledged the attacks.

Stolen Information

This group is much more complex than the average cybercrime gang. However, it is not going after the usual credit card details, banking details or customer information. The team is targeting organizations’ intellectual property, legal and policy documents, financial records, product descriptions and training documents. Its purpose in stealing the data appears to be monetary gain. It is suspected that this group may be made up of native English speakers who are familiar with Western culture.

Butterfly appears to have a high level of knowledge about the organizations it is targeting and is focused on stealing specific kinds of information. It is uncertain how the group plans to monetize the stolen data; Butterfly may be selling this information to the highest bidder on the black market, or it may be operating as hackers for hire. Stolen information can also be used for insider trading purposes.

The group has developed a toolkit of custom malware tools capable of attacking both Windows and Apple operating systems and appears to have used at least one zero-day vulnerability in its attacks. The group keeps a low profile: after successfully compromising a target organization, it cleans up after itself before moving on to its next target.

You Are Protected

Norton users, never fear! We protect against the toolsets of this group, as long as your definitions and product are up to date. If your product has expired, you can update it here.

For a more detailed technical analysis, please read Symantec’s whitepaper:
Butterfly – Corporate Spies Out For Financial Gain