Chemical industry in cyber-espionage crosshairs
According to a Symantec report entitled 'The Nitro Attacks', a total of 29 chemical companies have been targeted for attacks in recent months. The primary purpose of the attacks appears to have been to purloin confidential documents containing information such as formulae, internal plans and manufacturing processes.
The attackers generally selected a handful of staff members at each target company and sent them emails containing an encrypted attachment. The emails claimed the attachment was an anti-virus software update, a Flash Player security update or similar. The password to decrypt the attached 7z archive was included in the text of the email. Because the contents were encrypted, the anti-virus software installed on company email servers could not inspect them, which allowed the attackers to bypass it. The 'update' in fact installed a remote maintenance application called Poison Ivy, previously used to penetrate security company RSA.
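An added example, not part of the original article or the Symantec report: a mail-gateway heuristic in Python for the lure described above, which flags a message that carries a 7z attachment and also mentions a password in its body. The function names, addresses, file name and sample messages are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

SEVENZ_MAGIC = b"7z\xbc\xaf\x27\x1c"  # 6-byte signature that starts every 7z archive
PASSWORD_HINT = re.compile(r"\b(?:password|passphrase)\b", re.I)

def inspect_message(raw: bytes) -> dict:
    """Flag mail that pairs a 7z attachment with a password in the body text."""
    msg = message_from_bytes(raw, policy=policy.default)
    archives, body_text = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        # Identify archives by content, not by file name or declared MIME type.
        if payload.startswith(SEVENZ_MAGIC):
            archives.append(part.get_filename() or "(unnamed)")
        elif part.get_content_maintype() == "text":
            body_text.append(part.get_content())
    hint = bool(PASSWORD_HINT.search("\n".join(body_text)))
    # An archive the scanner cannot open plus a password handed to the
    # recipient is the combination to hold for manual review.
    return {"archives": archives, "password_in_body": hint,
            "quarantine": bool(archives) and hint}

def build_sample(with_password: bool, with_archive: bool = True) -> bytes:
    """Constructed test message; the attachment is only a 7z signature plus padding."""
    m = EmailMessage()
    m["From"] = "it-support@example.com"
    m["To"] = "staff@example.com"
    m["Subject"] = "Security update"
    text = "Please install the attached update."
    if with_password:
        text += " The password is: example123"
    m.set_content(text)
    if with_archive:
        m.add_attachment(SEVENZ_MAGIC + b"\x00" * 26, maintype="application",
                         subtype="octet-stream", filename="update.7z")
    return m.as_bytes()

if __name__ == "__main__":
    for pw, arc in [(True, True), (False, True), (True, False)]:
        print(pw, arc, inspect_message(build_sample(pw, arc)))
```

The check is a heuristic: it does not confirm that the archive is actually encrypted, so it is suited to routing messages for review rather than to automatic blocking.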
The attacks targeted several countries, with the majority directed against companies located in the USA, Bangladesh and the UK. According to Symantec, the tracks lead back to a young Chinese man running a virtual private server with which the infected computers established contact. His role in the attacks, however, is unclear.
(Damon Tajeddini / ehe)