Dozens of chemical firms hit in espionage hack attack
Defense contractors, Fortune 100 companies, too
Dozens of companies in the defense and chemical industries have been targeted in an industrial espionage campaign that steals confidential data from computers infected with malware, researchers from Symantec said.
At least 29 companies involved in the research, development, and manufacture of chemicals, and a further 19 firms in defense and other industries, have been attacked since mid-July, Symantec researchers wrote in a report (PDF) released Monday. The as-yet-unidentified attackers used backdoor trojans, including a variant of the publicly available Poison Ivy remote-access tool, to exfiltrate data from victims, among them multiple Fortune 100 companies involved in the research and development of chemical compounds and advanced materials.
“These attacks are primarily targeting private industry in search of key intellectual property for competitive advantage, military institutions, and governmental organizations often in search of documents related to current political events and human rights organizations,” the eight-page Symantec report stated. “This attack campaign focused on the chemical sector with the goal of obtaining sensitive documents such as proprietary designs, formulas, and manufacturing processes.”
The campaign, which the Symantec researchers have dubbed "Nitro," was not disrupted until mid-September.
The majority of infected machines found connecting to command and control servers were located in the US, Bangladesh, and the UK. Other infected computers came from an additional 17 countries, including Argentina, Singapore, and China.
Some of the attacks have been traced to a computer, used as a virtual private server, that was owned by an individual located in the Hebei region of China. Although the person, who calls himself Covert Grove, claimed he used the system for legitimate purposes, the researchers said his denial seemed "suspicious."
“We are unable to determine if Covert Grove is the sole attacker or if he has a direct or only indirect role,” they wrote. “Nor are we able to definitively determine if he is hacking these targets on behalf of another party or multiple parties.”
The attacks typically begin with emails purporting to come from the recipient's IT department and warning of unpatched vulnerabilities in Adobe Reader. When the recipient opens one of the two attached files, Poison Ivy or Backdoor.Odivy is installed. Security provider Norman ASA has published technical information about the malicious payloads.
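The lure described above is the oldest trick in the targeted-phishing book: a mail that looks like it comes from IT, carrying an "update" that is really an executable, or (as the article notes other groups doing against the same companies) a document that carries a Reader or Office exploit. The following is an added example, not code from the article or from Symantec's report, of the kind of attachment triage a mail gateway can do before the message reaches a user: classify the attachment by its leading bytes rather than its name, flag executables and double extensions, flag name/content mismatches, and flag PDFs that carry script or auto-run actions. The rule set, the `triage` function and the sample attachments are all constructed for illustration.

```python
"""Attachment triage for the lure the article describes: a mail posing as the
recipient's IT department that carries either an executable dropper or a
document with a Reader/Office exploit.  Added example, not code from the
article or Symantec; the rules and sample attachments below are constructed
for illustration."""
import re
from dataclasses import dataclass, field

# Leading bytes that identify the container, independent of the filename.
MAGIC = {
    b"MZ": "pe",                   # Windows PE: EXE/DLL/SCR, also self-extracting archives
    b"%PDF": "pdf",
    b"\xd0\xcf\x11\xe0": "ole",    # legacy Office binary formats (doc/xls/ppt)
    b"PK\x03\x04": "zip",          # zip, also OOXML (docx/xlsx/pptx)
    b"7z\xbc\xaf\x27\x1c": "7z",
}
# Which container a given document extension may legitimately be.
EXPECTED_KIND = {
    ".pdf": {"pdf"},
    ".doc": {"ole"}, ".xls": {"ole"}, ".ppt": {"ole"},
    ".docx": {"zip"}, ".xlsx": {"zip"}, ".pptx": {"zip"},
    ".rtf": {"unknown"}, ".txt": {"unknown"},
}
DOCUMENT_EXTS = set(EXPECTED_KIND)
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".dll"}

# PDF features that are legitimate on their own but are the usual vehicle for
# Reader exploits: embedded script, automatic actions, launching programs.
PDF_RISKY = {
    "/JavaScript": rb"/JavaScript",
    "/JS": rb"/JS\b",
    "/OpenAction": rb"/OpenAction",
    "/AA": rb"/AA\b",
    "/Launch": rb"/Launch",
    "/EmbeddedFile": rb"/EmbeddedFile",
}


@dataclass
class Finding:
    filename: str
    kind: str
    reasons: list = field(default_factory=list)


def sniff(data: bytes) -> str:
    """Classify content by magic bytes; 'unknown' covers plain text and the rest."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def extensions(filename: str) -> list:
    """Every dotted suffix, lowercased: 'Update.pdf.exe' -> ['.pdf', '.exe']."""
    parts = filename.lower().split(".")
    return ["." + p for p in parts[1:]]


def triage(filename: str, data: bytes) -> Finding:
    """Apply the rules above to one attachment; an empty reasons list means clean."""
    exts = extensions(filename)
    last = exts[-1] if exts else ""
    kind = sniff(data)
    f = Finding(filename, kind)
    if kind == "pe":
        f.reasons.append("content is a Windows executable")
    if last in EXEC_EXTS:
        f.reasons.append(f"executable extension {last}")
    # 'Patch.pdf.exe': a document extension placed where the eye stops reading.
    if len(exts) > 1 and exts[-2] in DOCUMENT_EXTS and last not in DOCUMENT_EXTS:
        f.reasons.append("document extension followed by another suffix")
    if last in EXPECTED_KIND and kind not in EXPECTED_KIND[last]:
        f.reasons.append(f"extension {last} but content is {kind}")
    if kind == "pdf":
        hits = [name for name, pat in PDF_RISKY.items() if re.search(pat, data)]
        if hits:
            f.reasons.append("PDF uses " + ", ".join(hits))
    return f


# Constructed sample attachments standing in for the two lures in the text.
SAMPLE_ATTACHMENTS = {
    "AdobeReader_SecurityUpdate.pdf.exe": b"MZ\x90\x00" + b"\x00" * 60,
    "patch_notes.pdf": (b"%PDF-1.4\n1 0 obj << /Type /Catalog /OpenAction 2 0 R >>\n"
                        b"2 0 obj << /S /JavaScript /JS (app.alert(1)) >>\n%%EOF"),
    "quarterly_report.docx": b"PK\x03\x04" + b"\x00" * 26,
    "readme.txt": b"Please install the attached update.\n",
}


def suspicious_attachments(attachments=SAMPLE_ATTACHMENTS) -> dict:
    """Map filename -> reasons for every attachment that tripped a rule."""
    findings = (triage(name, data) for name, data in attachments.items())
    return {f.filename: f.reasons for f in findings if f.reasons}


if __name__ == "__main__":
    for name, reasons in suspicious_attachments().items():
        print(f"{name}: {'; '.join(reasons)}")
```

Two caveats a practitioner should keep in mind. The PDF check is a byte-level regex, so it only catches the lazy cases: PDF names can be hex-escaped (`/#4Aava#53cript`) and the offending objects can sit inside compressed object streams, so a production gateway should parse the PDF rather than grep it. Likewise a `.docx` is just a zip, and a real check would open it and look for `vbaProject.bin` (macros) instead of accepting any zip. The point of the example is the ordering: decide what the attachment is from its bytes first, and treat the filename as a claim to be verified, not as the classification.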
Several other, apparently unrelated, groups are targeting some of the same chemical companies with malicious documents that exploit vulnerabilities in Adobe Reader and Microsoft Office. Those attacks infect victims with Backdoor.Sogu, the same custom-developed threat used to steal the personal information of as many as 35 million users of a South Korean social network, the Symantec researchers said. ®
Could it be
These companies are already protected(?) by something from "Symantec"
Free Of Charge Action Plan
@Government: Fund Safe Operating Systems; Memory/Type Safe Programming Languages; Fund Full Mathematical Verification of a minimal Linux, Firefox and a PDF viewer; use Linux; create AppArmor profiles; Remove the Insecure A***e Crap
@Businesses: Remove the Insecure A***e Crap, replace by evince and HTML5; Use whitelisting for internet access; provide Social PCs to access employee webmail, facebook, youtube etc; use AppArmor profiles; use security consultants who know more than their employer's technology; keep software auto-patched; stop using standard STL library (without bounds checking) and plain pointers; spend serious money on capable security consultants and heed their advice; use Linux
@Private PC users: keep software auto-patched; don't run as Administrator; remove A***e crap software
I'm just waiting for the other shoe to drop...
I keep seeing the FUD from both businesses and government about Cyber war (and obviously the security companies want a piece of the anti-Cyber war government money as the FUD gets ramped up), but I'm just waiting for the other shoe to drop, so to speak, when it's used to justify forcing through more draconian measures on all of us, the likes of which some of our government MPs have kept calling for over the past few years.
It's not as if we have to connect every computer to the Internet. If something is so secret or hazardous to expose to the Internet, then why expose it to the Internet? It's not rocket science, so to speak; every computer on the planet doesn't have to be connected to the Internet. But then using some common sense wouldn't allow the FUD stories to keep flowing in the media, all lending more strength to the government's claims that it needs more draconian measures, so they are happy to let the Cyber war stories build up, plus the security companies smell money to be made from it all, so they are happy as well.
... I'm just waiting for the other shoe to drop, when the governments show us what they want to do about it.
After all, we have the International Labour Organization highlighting today the fear of increased civil unrest in Europe + increasingly people talking about the need for a European spring, so to speak, to deal with the corrupt MPs and banks + endless MP rhetoric about the need to regulate the Internet = ? It's not hard to guess what politicians fear from the Internet and what they want. It's also easy to see how the so-called Arab spring was fuelled by the Internet's ability to help people undermine government liars, and all politicians fear that kind of social movement.
So I'm just waiting for the other shoe to drop, because it's all slowly building to a crescendo. :(