Espionage group hijacks rival's infrastructure


By Dylan Bushell-Embling
Tuesday, 25 June, 2019

Espionage group hijacks rival's infrastructure

Symantec security researchers believe that they have observed for the first time a cyber espionage group hijack the infrastructure of another espionage group.

The researchers have been tracking the activity of the Waterbug (otherwise known as Turla) espionage group, which has continued to attack governments and international organisations over the past 18 months.

During one attack against a Middle Eastern target, Waterbug appeared to hijack the infrastructure from the separate Crambus group and used it to deliver malware on the victim’s network. Media reports have linked Waterbug with the Russian government and Crambus with Iran.

“While it is possible that the two groups may have been collaborating, Symantec has found no further evidence to support this,” Symantec’s DeepSight Adversary Intelligence Team said in a blog post.

“In all likelihood, Waterbug’s use of Crambus infrastructure appears to have been a hostile takeover. Curiously, though, Waterbug also compromised other computers on the victim’s network using its own infrastructure.”

Symantec said the incident leaves a number of unanswered questions about Waterbug’s motive for hijacking Crambus infrastructure.

The blog post lists several possibilities, including a potential false flag operation or the possibility that Waterbug attackers discovered the Crambus intrusion while preparing the attack and using it as a means to an end for gaining access while sowing confusion among investigators.

Waterbug’s attacks over the 18 months can be divided into three campaigns and have had targets in South America, Europe, the Middle East, South and South East Asia. Since early 2018, Waterbug has attacked 13 organisations across 10 different countries.

“Waterbug’s ever-changing toolset demonstrates a high degree of adaptability by a group determined to avoid detection by staying one step ahead of its targets,” the blog post states.

“Frequent retooling and a penchant for flirting with false flag tactics have made this group one of the most challenging adversaries on the targeted attack landscape.”

Image credit: ©stock.adobe.com/au/ArtemSam

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.

Information Technology Professionals Association (ITPA) is a not-for-profit organisation focused on continual professional development for its 18,700 members. To learn more about becoming an ITPA member, and the range of training opportunities, mentoring programs, events and online forums available, go to www.itpa.org.au.

Related News

Govt unveils code of practice to boost IoT security

The Australian Government has released a code of practice for IoT devices like smart televisions...

Career opportunities booming in RPA

UiPath has revealed that the COVID-19 pandemic has increased demand for robotic process...

Magento 1 still in wide use despite reaching end of life

Adobe has issued the final patches for version 1 of the popular e-commerce platform Magento, but...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd