Scoop has an Ethical Paywall
Licence needed for work use Learn More

Video | Agriculture | Confidence | Economy | Energy | Employment | Finance | Media | Property | RBNZ | Science | SOEs | Tax | Technology | Telecoms | Tourism | Transport | Search

 

Symantec Threat Intelligence: Waterbug

Today, Symantec has released new information about the Waterbug attack group. The group has continued to attack governments and international organisations over the past eighteen months in a series of campaigns that have featured a rapidly evolving toolset and, in one notable instance, the apparent hijacking of another espionage group’s infrastructure.

Waterbug’s most recent campaigns have involved a swath of new tools including custom malware, modified versions of publicly available hacking tools, and legitimate administration tools. The group has also followed the current shift towards “living off the land,” making use of PowerShell scripts and PsExec, a Microsoft Sysinternals tool used for executing processes on other systems.

Victims of Waterbug include government departments such as Foreign Affairs ministries in Europe, the Middle East and Latin America.

During an attack against a target in the Middle East, Waterbug appeared to hijack infrastructure from the Crambus espionage group and used it to deliver malware on to the victim’s network. While it is possible that the two groups may have been collaborating, Symantec hasn’t found further evidence to support this. It’s most likely that Waterbug’s use of Crambus infrastructure was a hostile takeover.

There are several potential, unconfirmed motives behind Waterbug’s takeover of Crambus infrastructure. Waterbug does have a track record of using false flag tactics to confuse investigators, but it’s also possible that the group strategically hijacked Crambus’s infrastructure as a means of gaining access to the target organisations.

To read the full Threat Intelligence Report please go to https://www.symantec.com/blogs/threat-intelligence/waterbug-espionage-governments


Advertisement - scroll to continue reading

© Scoop Media

Advertisement - scroll to continue reading
 
 
 
Business Headlines | Sci-Tech Headlines

 
 
 
 
 
 
 
 
 
 
 
 
 

Join Our Free Newsletter

Subscribe to Scoop’s 'The Catch Up' our free weekly newsletter sent to your inbox every Monday with stories from across our network.