Tuesday, November 24, 2015
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Black Friday Deals on Microsoft device
AMD Ends Driver Support For Radeon HD 5000 and 6000 series
New AMD Radeon Software Crimson Edition Available For Download
ASUS RoG Announces Maximus VIII Hero Alpha
Apple To Brings Apple Pay To China
Xiaomi Launches New Redmi Note 3 Smartphone And Mi Pad 2 Tablet
Dell Says Security Hole Identified In Some Laptops
Sony PlayStation 4 Now Available For $299
Active Discussions
How to back up a PS2 DL game
Copy a protected DVD?
roxio issues with xp pro
How to burn a backup copy of The Frozen Throne
Help make DVDInfoPro better with dvdinfomantis!!!
Copied dvd's say blank in computer only
menu making
Optiarc AD-7260S review
 Home > News > General Computing > Massive...
Last 7 Days News : SU MO TU WE TH FR SA All News

Tuesday, November 01, 2011
Massive Cyber Attack Targets Chemical Companies

Symantec disclosed information about a recent targeted attack campaign directed primarily at private companies involved in the research, development, and manufacture of chemicals and advanced materials.

The goal of the attackers appears to be to collect intellectual property such as design documents, formulas, and manufacturing processes, Symantec said. The same attackers appear to have a lengthy operation history including attacks on other industries and organizations.

The attack wave started in late July 2011 and continued into mid-September 2011. A total of 29 companies in the chemical sector were confirmed to be targeted in this attack wave and another 19 in various other sectors, primarily the defense sector, were seen to be affected as well, the research firm added. As the pattern of chemical industry targets emerged, Symantec internally code-named the attack "campaign Nitro."

The attackers first researched desired targets and then sent an email specifically to the target. While the attackers used different pretexts when sending these malicious emails, two methodologies stood out. First, when a specific recipient was targeted, the mails often purported to be meeting invitations from established business partners. Secondly, when the emails were being sent to a broad set of recipients, the mails purported to be a necessary security update. The emails then contained an attachment that was either an executable that appeared to be a text file based on the file name and icon, or a password-protected archive containing an executable file with the password provided in the email. In both cases, the executable file was a self-extracting executable containing PoisonIvy, a common backdoor Trojan developed by a Chinese speaker.

When the recipient attempted to open the attachment, they would inadvertently execute the file, causing PoisonIvy to be installed. Once PoisonIvy was installed, it contacted a C&C server on TCP port 80 using an encrypted communication protocol. Using the C&C server, the attackers then instructed the compromised computer to provide the infected computer?s IP address, the names of all other computers in the workgroup or domain, and dumps of Windows cached password hashes.

By using access to additional computers through the currently logged on user or cracked passwords through dumped hashes, the attackers then began traversing the network infecting additional computers. Typically, their primary goal is to obtain domain administrator credentials and/or gain access to a system storing intellectual property. Domain administrator credentials make it easier for the attacker to find servers hosting the desired intellectual property and gain access to the sensitive materials. The attackers may have also downloaded and installed additional tools to penetrate the network further.

Thousands of Chinese computer enthusiasts belong to hacker clubs and experts say some are supported by the military to develop a pool of possible recruits.

China has the world's biggest population of Internet users, with more than 450 million people online, and the government promotes Web use for business and education. But experts say security for many computers in China is so poor that they are vulnerable to being taken over and used to hide the source of attacks from elsewhere.

South Korea Fines LCD Makers For Price Fixing        All News        LG 3D Notebook Receives Flicker-free Certification
Yahoo to Acquire Ad Firm Interclick     General Computing News      Adobe Acquires Auditude to Capitalize on Video Advertising Opportunity

Get RSS feed Easy Print E-Mail this Message

Related News
Hackers Attacked Vodafone
Police Arrest Teenagers Over TalkTalk Hack
TalkTalk Provides Update On Recent Cyber Attack
Cyber Attack Against UK's TalkTalk Could Affect Millions Britons
Chinese-affiliated Intrusions into Companies Continued Even After Cyber Pack
F-Secure Identifies Malware Family Linked To Russian State-backed Cyber-espionage
Europol Arrested Group Of Cyber-fraudsters
Cyber Attack hits Millions of U.S. Federal Workers
Cisco Identifies Virus That Kills Off PCs
Adobe And Windows Zero-Day Exploits Likely Leveraged by Russians In Highly-Targeted Attack
Data Breaches Increased 49 Percent in 2014
Tech Companies Unveil Alliance on Cybersecurity

Most Popular News
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2015 - All rights reserved -
Privacy policy - Contact Us .