A deadly Tick bit Japanese organizations. Not the arachnid, the hacker group. The threat group, also known as Bronze Butler, has been around for a long time and has targeted organizations located mostly in Japan.
Around 200 Japanese companies and research firms, including the Japan Aerospace Exploration Agency, were attacked by the Tick hacker group. The clever attack, which ran from 2016 to 2017, was capable of seeking out system flaws and evading detection, ultimately abusing weaknesses in the companies’ antivirus measures.
- Tick has been categorized as a cyberespionage group and has been launching attacks since at least 2009.
- It mainly focuses on industries operating in Asia Pacific that invest in research and development. This niche suggests that the threat actors are aiming at the theft of sensitive intellectual property.
- In February, the hacker group abused the Microsoft Exchange Server flaw to attack an organization in the Middle East.
- This is one of the groups that have access to the ShadowPad backdoor that was leveraged during Operation Entrade.
- While local media alleged that Tick is being run by the Chinese People’s Liberation Army Unit 61419, researchers have found no concrete evidence to prove this.
- The gang has been tightly linked with defense and military targets in Japan and the Korean Peninsula.
- Tick is the second Chinese APT actor that has been associated with the Chinese Shandong province.
The bottom line
Tick has consistently used spear-phishing and watering hole attacks to breach target systems. In one instance, however, the group was found to leverage a zero-day vulnerability. The group has also managed to remain undetected inside compromised networks for more than five years. Once the target has nothing more to provide, Tick removes all evidence from the networks.