October 31, 2011

Chemical industry comes under new wave of cyber attacks: Symantec

Goal of the attackers seems to be to collect intellectual property

By CBR Staff Writer

A total of 29 companies in the chemical industry and another 19 in various other sectors, primarily the defense sector, were targeted by a recent series of cyber-attacks traced to China, according to security firm Symantec.

The attack wave started in late July 2011 and continued into mid-September 2011.

Symantec, in its white paper ‘The Nitro Attacks: Stealing Secrets From the Chemical Industry,’ said the goal of the attackers appears to be to collect intellectual property such as design documents, formulas, and manufacturing processes.

Companies affected include multiple Fortune 100 companies involved in R&D of chemical compounds and advanced materials; companies that develop advanced materials for military vehicles; and companies involved in developing manufacturing infrastructure for the chemical and advanced materials industry.

According to Symantec, 12 of the infected companies were based in the US, five in the UK, two in Denmark, and one each in Belgium, Italy, the Netherlands, Saudi Arabia and Japan.

The attackers first researched desired targets and then sent an email specifically to the target.

When the recipient attempted to open the attachment, they would inadvertently execute the file, causing PoisonIvy, a remote access tool (RAT), to be installed. Once PoisonIvy was installed, it contacted a C&C server on TCP port 80 using an encrypted communication protocol.


Using the C&C server, the attackers then instructed the compromised computer to provide its IP address.

Using the currently logged-on user's access, or passwords cracked from dumped hashes, the attackers then began traversing the network and infecting additional computers.

Last summer US giant Dow Chemicals identified unusual e-mails being delivered to the company and worked with law enforcers to tackle the situation.
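
An added illustration, not taken from the article or from Symantec's paper: because the C&C channel described above uses TCP port 80 but is encrypted, the first bytes a client sends will not parse as a plaintext HTTP request. The Python below flags such flows; the flow record layout, field names, addresses and payloads are all constructed assumptions.

```python
import re

# A plaintext HTTP/1.x client starts with: METHOD SP target SP HTTP/1.x CRLF
REQUEST_LINE = re.compile(rb"^[A-Z]{3,10} \S+ HTTP/1\.[01]\r?\n")
PRINTABLE = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}


def looks_like_http(payload: bytes) -> bool:
    """True if the first client payload begins with an HTTP/1.x request line."""
    return REQUEST_LINE.match(payload) is not None


def printable_ratio(payload: bytes) -> float:
    """Share of printable ASCII bytes; encrypted data scores low."""
    return sum(b in PRINTABLE for b in payload) / len(payload)


def flag_port80_flows(flows):
    """Return an alert for each outbound port-80 flow that is not HTTP.

    `flows` is a hypothetical record format: dicts with src, dst, dport
    and first_payload (the first bytes sent by the client).
    """
    alerts = []
    for f in flows:
        payload = f["first_payload"]
        if f["dport"] != 80 or not payload:
            continue  # other ports, or a handshake with no data yet
        if looks_like_http(payload):
            continue
        alerts.append({
            "src": f["src"],
            "dst": f["dst"],
            "printable_ratio": printable_ratio(payload),
            "reason": "non-HTTP payload on TCP/80",
        })
    return alerts


# Constructed sample flows (documentation address ranges, made-up payloads).
SAMPLE_FLOWS = [
    {"src": "10.0.0.5", "dst": "192.0.2.10", "dport": 80,
     "first_payload": b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"},
    {"src": "10.0.0.7", "dst": "198.51.100.23", "dport": 80,
     "first_payload": bytes.fromhex("d1a703f29c5e88b017e46a02fd39c40b")},
    {"src": "10.0.0.9", "dst": "203.0.113.4", "dport": 443,
     "first_payload": bytes.fromhex("160301020001")},
    {"src": "10.0.0.5", "dst": "192.0.2.10", "dport": 80, "first_payload": b""},
]

if __name__ == "__main__":
    for alert in flag_port80_flows(SAMPLE_FLOWS):
        print(alert)
```

The check fires on any non-HTTP protocol carried over port 80, so an alert is a lead for triage rather than proof of a specific tool.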
