BEST OF THE WEB

Four Canadian firms hit by criminal group, says Symantec

A criminal group has been systematically targeting large corporations — including four Canadian organizations — over the past three years to steal confidential information and intellectual property, warns Symantec.

In a blog last week the security vendor said the group, which it has dubbed Butterfly, has hit 49 organizations in more than 20 countries including Twitter, Facebook, Apple, Microsoft and firms in the pharmaceutical, legal and oil and precious metals sectors. More details on the group are in this Symatec report.

Symantec describes the group as “technically proficient and well resourced” and — perhaps surprisingly — not interested in credit card data. “The group has developed a suite of custom malware tools capable of attacking both Windows and Apple computers,” says the report, “and appears to have used at least one zero-day vulnerability in its attacks. It keeps a low profile and maintains good operational security. After successfully compromising a target organization, it cleans up after itself before moving on to its next target.”

Part of the reason it’s been hard to track is the group uses encrypted virtual machines and multi-staged command and control servers to make it difficult to investigate.

The attacks date back to 2012 and typically involve compromising a website used by mobile developers (iPhoneDevSDK. com) and using a Java zero-day exploit (CVE-2013-0422, since been patched) to infect them with a Mac OS X back door known as OSX.Pintsized or a Windows back door, Backdoor.Jiripbot. It is not uncommon for the attackers to gain a foothold in an organization’s regional offices, then spreading to its headquarters. In many attacks, Symantec [Nasdaq: SYMC] says, the group compromised Microsoft Exchange or Lotus Domino email servers to intercept company emails, and possibly use them to send counterfeit emails.

In addition to the four unnamed Canadian firms hit, 17 organizations in the U.S. and 12 in Europe were victims. Symatec doubts the Butterfly group is state-sponsored.

 

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web