Espionage group hijacks rival's infrastructure


By Dylan Bushell-Embling
Tuesday, 25 June, 2019


Symantec security researchers believe they have observed, for the first time, one cyber espionage group hijacking the infrastructure of another.

The researchers have been tracking the activity of the Waterbug (otherwise known as Turla) espionage group, which has continued to attack governments and international organisations over the past 18 months.

During one attack against a Middle Eastern target, Waterbug appeared to hijack infrastructure belonging to the separate Crambus group and use it to deliver malware onto the victim’s network. Media reports have linked Waterbug with the Russian government and Crambus with Iran.

“While it is possible that the two groups may have been collaborating, Symantec has found no further evidence to support this,” Symantec’s DeepSight Adversary Intelligence Team said in a blog post.

“In all likelihood, Waterbug’s use of Crambus infrastructure appears to have been a hostile takeover. Curiously, though, Waterbug also compromised other computers on the victim’s network using its own infrastructure.”

Symantec said the incident leaves a number of unanswered questions about Waterbug’s motive for hijacking Crambus infrastructure.

The blog post lists several possibilities, including a potential false flag operation, or that the Waterbug attackers discovered the Crambus intrusion while preparing the attack and used it as a means to an end, gaining access while sowing confusion among investigators.

Waterbug’s attacks over the 18 months can be divided into three campaigns and have had targets in South America, Europe, the Middle East, South and South East Asia. Since early 2018, Waterbug has attacked 13 organisations across 10 different countries.

“Waterbug’s ever-changing toolset demonstrates a high degree of adaptability by a group determined to avoid detection by staying one step ahead of its targets,” the blog post states.

“Frequent retooling and a penchant for flirting with false flag tactics have made this group one of the most challenging adversaries on the targeted attack landscape.”


  • All content Copyright © 2019 Westwick-Farrow Pty Ltd