Researchers are learning more about the cyberespionage group Bronze Butler. While the gang has been targeting Japanese heavy industry since 2012, not much is known about the group’s current modus operandi.
In a report released Thursday by the Counter Threat Unit at SecureWorks, a subsidiary of Dell Technologies, researchers paint the most complete picture yet of the group, also known as Tick.
“In the past 12 months, (SecureWorks) investigated several intrusions carried out by the Bronze Butler threat group at various Japanese organizations. The group’s activities have largely remained undetected since at least 2012, but it has likely been active for much longer,” said Matthew Webster, senior security researcher with SecureWorks, in an interview with Threatpost.
SecureWorks believes Bronze Butler has operated out of the People’s Republic of China since its inception. The group has focused on exfiltrating intellectual property and other confidential data from Japanese companies involved in critical infrastructure, heavy industry, manufacturing and international relations.
In its report released this week, SecureWorks uncovers shifting tactics and strategies used by the group. According to researchers, Bronze Butler has bolstered its skill sets when it comes to exploiting zero-days and developing unique malware tools, and has become increasingly effective at exploiting a desktop management tool used by sysadmins in Japan.
What is known about Bronze Butler? Besides likely residing in China and targeting Japan, researchers say the group has used spear phishing, strategic web compromises and zero-day vulnerabilities to infiltrate targeted systems.