Cyber espionage group Butterfly targeting major corporations

Authored by a Symantec employee


Corporate espionage group Butterfly has compromised a series of major corporations over the past three years, targeting confidential information and intellectual property. Symantec has been monitoring this group and working with its victims to track the attackers over the past two years. While tracking the group, Symantec found that Butterfly compromised high-profile companies operating in the Internet, IT software, pharmaceutical and commodities sectors. Twitter, Facebook, Apple, and Microsoft are among the companies that have publicly acknowledged the attacks.

Stolen information

This group is much more complex than the average cybercrime gang. However, it is not going after the usual credit card and banking details or customer information. The team is targeting organizations’ intellectual property, legal and policy documents, financial records, product descriptions and training documents. The motive for stealing the data appears to be monetary gain.

It is suspected that this group may be made up of native English speakers who are familiar with Western culture.

Butterfly appears to have a high level of knowledge about the organizations it is targeting and is focused on stealing specific kinds of information. It is uncertain how the group plans to monetize the data it steals; Butterfly may be selling this information to the highest bidder on the black market, or it may be operating as hackers for hire. Stolen information can also be used for insider trading purposes.

The group has developed a toolkit of custom malware tools capable of attacking both Windows and Apple operating systems and appears to have used at least one zero-day vulnerability in its attacks. The group keeps a low profile: after successfully compromising a target organization, it cleans up after itself before moving on to its next target.

You are protected

Norton users, never fear! We protect against the toolsets of this group, as long as your definitions and product are up to date. If your product has expired, you can update it here.

For a more detailed technical analysis, please read Symantec’s whitepaper:
Butterfly – Corporate Spies Out For Financial Gain
