Tuesday, October 21, 2014
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Toshiba Debuts New 2-in-1 Convertible PC with a 360-Degree Design
Acer Leads The Growing Chromebook Market
China Denies Apple's iCloud Hack Allegations
Samsung Galaxy KNOX Devices Approved for U.S. Government Classified Use
iPhone 6 Demand Help ARM's Growth
SK Hynix Develops High Density 16GB NVDIMM
Samsung Mass Produces 8-Gigabit DDR4 Based on 20 Nanometer Process Technology
Strong iPhone, Mac And App Store Sales Drive Apple's Record September Quarter Revenue And Earnings
Active Discussions
Copied dvd's say blank in computer only
How to generate lots of different CDs quickly
Yamaha CRW-F1UX
help questions structure DVDR
Made video, won't play back easily
Questions durability monitor LCD
Questions fungus CD/DVD Media, Some expert engineer in optical media can help me?
CD, DVD and Blu-ray burning for Android in development
 Home > News > General Computing > Massive...
Last 7 Days News : SU MO TU WE TH FR SA All News

Tuesday, November 01, 2011
Massive Cyber Attack Targets Chemical Companies


Symantec disclosed information about a recent targeted attack campaign directed primarily at private companies involved in the research, development, and manufacture of chemicals and advanced materials.

The goal of the attackers appears to be to collect intellectual property such as design documents, formulas, and manufacturing processes, Symantec said. The same attackers appear to have a lengthy operation history including attacks on other industries and organizations.

The attack wave started in late July 2011 and continued into mid-September 2011. A total of 29 companies in the chemical sector were confirmed to be targeted in this attack wave and another 19 in various other sectors, primarily the defense sector, were seen to be affected as well, the research firm added. As the pattern of chemical industry targets emerged, Symantec internally code-named the attack "campaign Nitro."

The attackers first researched desired targets and then sent an email specifically to the target. While the attackers used different pretexts when sending these malicious emails, two methodologies stood out. First, when a specific recipient was targeted, the mails often purported to be meeting invitations from established business partners. Secondly, when the emails were being sent to a broad set of recipients, the mails purported to be a necessary security update. The emails then contained an attachment that was either an executable that appeared to be a text file based on the file name and icon, or a password-protected archive containing an executable file with the password provided in the email. In both cases, the executable file was a self-extracting executable containing PoisonIvy, a common backdoor Trojan developed by a Chinese speaker.

When the recipient attempted to open the attachment, they would inadvertently execute the file, causing PoisonIvy to be installed. Once PoisonIvy was installed, it contacted a C&C server on TCP port 80 using an encrypted communication protocol. Using the C&C server, the attackers then instructed the compromised computer to provide the infected computer?s IP address, the names of all other computers in the workgroup or domain, and dumps of Windows cached password hashes.

By using access to additional computers through the currently logged on user or cracked passwords through dumped hashes, the attackers then began traversing the network infecting additional computers. Typically, their primary goal is to obtain domain administrator credentials and/or gain access to a system storing intellectual property. Domain administrator credentials make it easier for the attacker to find servers hosting the desired intellectual property and gain access to the sensitive materials. The attackers may have also downloaded and installed additional tools to penetrate the network further.

Thousands of Chinese computer enthusiasts belong to hacker clubs and experts say some are supported by the military to develop a pool of possible recruits.

China has the world's biggest population of Internet users, with more than 450 million people online, and the government promotes Web use for business and education. But experts say security for many computers in China is so poor that they are vulnerable to being taken over and used to hide the source of attacks from elsewhere.


Previous
Next
South Korea Fines LCD Makers For Price Fixing        All News        LG 3D Notebook Receives Flicker-free Certification
Yahoo to Acquire Ad Firm Interclick     General Computing News      Adobe Acquires Auditude to Capitalize on Video Advertising Opportunity

Get RSS feed Easy Print E-Mail this Message

Related News
Microsoft Sees Decline in Security Vulnerabilities
Europe To Invest Millions In Online Safety Projects
Millions Of Stolen Credentials Available For Sale
German Authorities Discover Email Account Theft
Largest Data Breach in History Reported In S .Korea
Cybercrime Firm Reports Ongoing Attacks on U.S. Merchants
Gamers Faced Severe Cyber Attacks In 2013
Microsoft, the FBI, Europol Disrupt ZeroAccess Botnet
Microsoft Unveils Cybercrime Center
Deutsche Telekom To Offer Secure Internet To Companies
Dropbox, WordPress Used To Spread Malware
New EU Rules Against Cyber-crime

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .