Butterfly Group
The Butterfly group performs corporate espionage campaigns against organizations containing proprietary intellectual property. Stolen information is likely sold for fiscal gain. The Butterfly group is organized and efficient. It is likely that the group consists of only a few individuals (~3-10 members). According to Symantec, “[t]here are some indications that this group may be made up of nativeEnglish speakers, are familiar with Western culture, and may operate from an Eastern Standard Time (EST) time zone.” The emergence of the Butterfly group should remind organizations that corporate espionage groups and non-state sponsored APTs still exist. In fact, in certain aspects, they are more dangerous than state sponsored groups. Mercenary and espionage groups may possess specific knowledge of what information to steal or from what systems to steal data. This information may come from competitors or it may come from insider threats within the organization. APTs, like the Butterfly group, are more likely to profit from exfiltrated data and stolen intellectual property than an enemy nation state might. Auction of stolen information to a third party will likely occur immediately after a breach because the group maximizes their potential by realizing profit and redirecting their resources to the next target. Few concurrent campaigns were observed. Once information is sold to a third party, attribution of the attack becomes more difficult. The realized impact of lost financial data or stolen intellectual property could cripple the organization.
ButterflyGroupAPT






















