Breaking News

G.SKILL Announces T5 Neo Series DDR5-6400 CL38 512GB (64GBx8) Overclocked R-DIMM Memory Kit with AMD EXPO Support for AMD Ryzen Threadripper PRO Workstations ZOTAC to Launch GeForce RTX 5090 ARCTICSTORM AIO & GeForce RTX 5060 Low Profile KIOXIA Commences Sample Shipments of 9th Generation BiCS FLASH 512Gb TLC Devices Synology Unveils DiskStation DS225 Plus New PS5 system update beta previews DualSense wireless controller pairing across multiple devices

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

Massive Cyber Attack Targets Chemical Companies

Massive Cyber Attack Targets Chemical Companies

Enterprise & IT Nov 1,2011 0

Symantec disclosed information about a recent targeted attack campaign directed primarily at private companies involved in the research, development, and manufacture of chemicals and advanced materials. The goal of the attackers appears to be to collect intellectual property such as design documents, formulas, and manufacturing processes, Symantec said. The same attackers appear to have a lengthy operation history including attacks on other industries and organizations.

The attack wave started in late July 2011 and continued into mid-September 2011. A total of 29 companies in the chemical sector were confirmed to be targeted in this attack wave and another 19 in various other sectors, primarily the defense sector, were seen to be affected as well, the research firm added. As the pattern of chemical industry targets emerged, Symantec internally code-named the attack "campaign Nitro."

The attackers first researched desired targets and then sent an email specifically to the target. While the attackers used different pretexts when sending these malicious emails, two methodologies stood out. First, when a specific recipient was targeted, the mails often purported to be meeting invitations from established business partners. Secondly, when the emails were being sent to a broad set of recipients, the mails purported to be a necessary security update. The emails then contained an attachment that was either an executable that appeared to be a text file based on the file name and icon, or a password-protected archive containing an executable file with the password provided in the email. In both cases, the executable file was a self-extracting executable containing PoisonIvy, a common backdoor Trojan developed by a Chinese speaker.

When the recipient attempted to open the attachment, they would inadvertently execute the file, causing PoisonIvy to be installed. Once PoisonIvy was installed, it contacted a C&C server on TCP port 80 using an encrypted communication protocol. Using the C&C server, the attackers then instructed the compromised computer to provide the infected computer?s IP address, the names of all other computers in the workgroup or domain, and dumps of Windows cached password hashes.

By using access to additional computers through the currently logged on user or cracked passwords through dumped hashes, the attackers then began traversing the network infecting additional computers. Typically, their primary goal is to obtain domain administrator credentials and/or gain access to a system storing intellectual property. Domain administrator credentials make it easier for the attacker to find servers hosting the desired intellectual property and gain access to the sensitive materials. The attackers may have also downloaded and installed additional tools to penetrate the network further.

Thousands of Chinese computer enthusiasts belong to hacker clubs and experts say some are supported by the military to develop a pool of possible recruits.

China has the world's biggest population of Internet users, with more than 450 million people online, and the government promotes Web use for business and education. But experts say security for many computers in China is so poor that they are vulnerable to being taken over and used to hide the source of attacks from elsewhere.

Tags: Cyber AttackVirus
Previous Post
South Korea Fines LCD Makers For Price Fixing
Next Post
LG 3D Notebook Receives Flicker-free Certification

Related Posts

  • European Supercomputers Researching Covid-19 Report Hacking Attacks

  • Texas Courts Faced a Ransomware Attack

  • GoDaddy Discloses Data Breach

  • Indonesia's Tokopedia Inverstigates Alleged Data Leak of 91 Million Users

  • Marriott Discloses New Data Breach

  • FireEye Warns About Chinese APT41 Global Intrusion Campaign Using Multiple Exploits

  • Cybersecurity Report Reveals Big Game Hunting, Telecommunication Targeting Take Center Stage for Cyber Adversaries

  • MGM Resorts Discloses Data Breach

Latest News

G.SKILL Announces T5 Neo Series DDR5-6400 CL38 512GB (64GBx8) Overclocked R-DIMM Memory Kit with AMD EXPO Support for AMD Ryzen Threadripper PRO Workstations
PC components

G.SKILL Announces T5 Neo Series DDR5-6400 CL38 512GB (64GBx8) Overclocked R-DIMM Memory Kit with AMD EXPO Support for AMD Ryzen Threadripper PRO Workstations

ZOTAC to Launch GeForce RTX 5090 ARCTICSTORM AIO & GeForce RTX 5060 Low Profile
GPUs

ZOTAC to Launch GeForce RTX 5090 ARCTICSTORM AIO & GeForce RTX 5060 Low Profile

KIOXIA Commences Sample Shipments of 9th Generation BiCS FLASH 512Gb TLC Devices
Enterprise & IT

KIOXIA Commences Sample Shipments of 9th Generation BiCS FLASH 512Gb TLC Devices

Synology Unveils DiskStation DS225 Plus
Enterprise & IT

Synology Unveils DiskStation DS225 Plus

New PS5 system update beta previews DualSense wireless controller pairing across multiple devices
Gaming

New PS5 system update beta previews DualSense wireless controller pairing across multiple devices

Popular Reviews

be quiet! Light Loop 360mm

be quiet! Light Loop 360mm

be quiet! Dark Mount Keyboard

be quiet! Dark Mount Keyboard

be quiet! Light Mount Keyboard

be quiet! Light Mount Keyboard

Noctua NH-D15 G2

Noctua NH-D15 G2

Soundpeats Pop Clip

Soundpeats Pop Clip

be quiet! Light Base 600 LX

be quiet! Light Base 600 LX

be quiet! Pure Base 501

be quiet! Pure Base 501

Terramaster F8-SSD

Terramaster F8-SSD

Main menu

  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed