April 28, 2016
A longstanding cyberespionage campaign has been targeting mainly Japanese organizations with its own custom-developed malware (Backdoor.Daserf). The group, known to Symantec as Tick, has maintained a low profile and appears to have been active for at least 10 years prior to discovery.
In its most recent campaign, Tick employed spear-phishing emails and compromised a number of Japanese websites in order to infect a new wave of victims. The group is highly selective in its approach and only appears to deploy its full range of tools once it establishes that the compromised organization is an intended target. Tick also uses a range of hacktools to map the victim’s network and attempt to escalate privileges further.
Daserf’s main purpose is information stealing: the Trojan is capable of gathering information from infected computers and relaying it back to attacker-controlled servers. Tick’s most recent attacks have concentrated on the technology, aquatic engineering, and broadcasting sectors in Japan.