Symantec researchers spotted a cyberespionage group, dubbed “Tick,” spreading custom malware through compromised Japanese websites.
The group is believed to have been active since 2006 and primarily targets Japanese organizations such as large technology, engineering, and media firms in order to steal sensitive information, according to an April 28 Symantec blog post.
In its most recent string of attacks, the group compromised three different websites using a Flash exploit in order to mount watering hole attacks, researchers wrote.
Researchers said Tick also used spearphishing emails and an exploit for the Microsoft Office documents (CVE-2014-4114) vulnerability to distribute malware in addition to the watering hole activity.
The compromised sites infected users with the Gofarer.downloader which ultimately installed the Daserf Trojan, researchers said in the post.
Researchers said the group appears to be well organized with the funding to develop and update its malware.