The latest cyber-attack on Western corporations reportedly originating from Chinese soil has struck at the chemical industry and defence sector.
Security firm Symantec uncovered the cyber-espionage campaign, which has targeted research and development material from some 48 companies, 29 of them in the chemical industry.
According to Symantec's report, entitled “The Nitro Attacks”, the attackers have been attempting to procure as much as they can in the way of formulas, designs and manufacturing secrets.
These attacks on various corporations apparently began back in April, and the chemical sector is just the latest victim.
Early targets were human rights NGOs, then the car industry, followed by this latest attack on chemical companies, which ran for two and a half months into September. Symantec also acknowledges that there are probably a good many more breaches that it doesn’t know about.
The intrusion was carried out via an emailed trojan, PoisonIvy, which the attackers used as an entry point to the network once an employee had fallen for the lure, which in some cases was a false security update that the employee applied.
The largest share of infected computers was in the US, which accounted for 27% of the attacks, although the UK was the third most targeted nation with 14%. Bangladesh was the second most affected with 20%.
The attacks were traced to a Virtual Private Server in the US, but that system was owned by a 20-something Chinese man in the Hebei region of China.
When contacted, the man offered to provide “hacking for hire”, but Symantec is uncertain whether he’s working alone or in a group, or whether he had a direct or indirect role in the chemical cyber-espionage.
Symantec noted: “Numerous targeted attack campaigns are occurring every week. However, relative to the total number of attacks, few are fully disclosed. These attacks are primarily targeting private industry in search of key intellectual property for competitive advantage, military institutions, and governmental organizations often in search of documents related to current political events and human rights organizations.”
“This attack campaign focused on the chemical sector with the goal of obtaining sensitive documents such as proprietary designs, formulas, and manufacturing processes.”