A secret cyber-espionage group is using compromised websites along with spear-phishing emails to deliver a backdoor trojan to organizations in Japan for the purpose of stealing sensitive information and private technologies.
Security firm Symantec discovered the group in July 2015, after it detected some of the compromised websites delivering the Gofarer malware through drive-by download attacks and a Flash exploit, which, in turn, would download and install the Daserf backdoor.
Security researchers also say the group sometimes used spear-phishing campaigns that delivered files as email attachments, which, when opened, leveraged the CVE-2014-4114 Microsoft Office vulnerability to install the Daserf backdoor.
Tick group has been active since 2006, interested in Japanese firms
Up to this point, the group, which Symantec named Tick, was following a common pattern seen in most cyber-espionage campaigns. Things became interesting after researchers found evidence of the group’s activity going back for at least ten years.