
Espionage group hijacks rival's infrastructure

By Dylan Bushell-Embling
Tuesday, 25 June, 2019

Symantec security researchers believe they have observed, for the first time, one cyber espionage group hijacking the infrastructure of another.

The researchers have been tracking the activity of the Waterbug (otherwise known as Turla) espionage group, which has continued to attack governments and international organisations over the past 18 months.

During one attack against a Middle Eastern target, Waterbug appeared to hijack infrastructure belonging to the separate Crambus group and use it to deliver malware onto the victim’s network. Media reports have linked Waterbug with the Russian government and Crambus with Iran.

“While it is possible that the two groups may have been collaborating, Symantec has found no further evidence to support this,” Symantec’s DeepSight Adversary Intelligence Team said in a blog post.

“In all likelihood, Waterbug’s use of Crambus infrastructure appears to have been a hostile takeover. Curiously, though, Waterbug also compromised other computers on the victim’s network using its own infrastructure.”

Symantec said the incident leaves a number of unanswered questions about Waterbug’s motive for hijacking Crambus infrastructure.

The blog post lists several possibilities, including a potential false flag operation, or that Waterbug attackers discovered the Crambus intrusion while preparing the attack and used it as a means of gaining access while sowing confusion among investigators.

Waterbug’s attacks over the past 18 months can be divided into three campaigns, with targets in South America, Europe, the Middle East, and South and South East Asia. Since early 2018, Waterbug has attacked 13 organisations across 10 different countries.

“Waterbug’s ever-changing toolset demonstrates a high degree of adaptability by a group determined to avoid detection by staying one step ahead of its targets,” the blog post states.

“Frequent retooling and a penchant for flirting with false flag tactics have made this group one of the most challenging adversaries on the targeted attack landscape.”


  • All content Copyright © 2019 Westwick-Farrow Pty Ltd