Hackers Looked To Steal Intellectual Property From Chemical Manufacturers, Says Symantec
Symantec published a paper titled “The Nitro Attacks: Stealing Secrets from the Chemical Industry”, which details a prolonged hacker attack against several private companies in the chemical business.
According to the paper, the hackers were after “intellectual property such as design documents, formulas, and manufacturing processes”. The attacks lasted from late July through the middle of September.
Even more notable is that this is not apparently the hacker group’s first go-round; it’s just the latest whitecap in a long-running crime wave. The group targeted human rights NGOs starting in April, hit the motor industry in May, and took a break in the early summer before lauching “Nitro”.
The methodology was pretty simple; the attackers picked a company to target and sent emails to a certain number of employees under the auspice of either setting up a meeting with a legit business partner or notifying the recipient of a security update; in both cases, an attachment delivered a Trojan (“PoisonIvy”) to the victims. From there, it was just a few steps to getting access to other machines in the same workgroup and go from there. They gathered the data they were looking for and uploaded it to a remote site. Attack complete.
All told, at least 48 companies were attacked, including those in the chemical and defense sectors.
According to the paper, the hackers were after “intellectual property such as design documents, formulas, and manufacturing processes”. The attacks lasted from late July through the middle of September.
Even more notable is that this is not apparently the hacker group’s first go-round; it’s just the latest whitecap in a long-running crime wave. The group targeted human rights NGOs starting in April, hit the motor industry in May, and took a break in the early summer before lauching “Nitro”.
The methodology was pretty simple; the attackers picked a company to target and sent emails to a certain number of employees under the auspice of either setting up a meeting with a legit business partner or notifying the recipient of a security update; in both cases, an attachment delivered a Trojan (“PoisonIvy”) to the victims. From there, it was just a few steps to getting access to other machines in the same workgroup and go from there. They gathered the data they were looking for and uploaded it to a remote site. Attack complete.
All told, at least 48 companies were attacked, including those in the chemical and defense sectors.
