Thursday, July 28, 2016
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Home Appliance and Home Entertainment Units Help LG's Quarterly Profits
Facebook Reports Sharp Ad Sales Growth
Samsung Second Quarter Results Boosted By Component Sales
Microsoft Adds Artificial Intelligence Elements To New Smart Camera App
Xiaomi Announces Redmi Pro OLED Smartphone And Mi Notebook Air Laptop
Future Apple Stylus Could Operate as a Joystick
Twitter's Video Advertising Expansion Remains Slow
LG Display Invests KRW 1.99 Trillion in Flexible OLED Display Production
Active Discussions
Which of these DVD media are the best, most durable?
How to back up a PS2 DL game
Copy a protected DVD?
roxio issues with xp pro
Help make DVDInfoPro better with dvdinfomantis!!!
menu making
Optiarc AD-7260S review
cdrw trouble
 Home > News > General Computing > Massive...
Last 7 Days News : SU MO TU WE TH FR SA All News

Tuesday, November 01, 2011
Massive Cyber Attack Targets Chemical Companies


Symantec disclosed information about a recent targeted attack campaign directed primarily at private companies involved in the research, development, and manufacture of chemicals and advanced materials.

The goal of the attackers appears to be to collect intellectual property such as design documents, formulas, and manufacturing processes, Symantec said. The same attackers appear to have a lengthy operation history including attacks on other industries and organizations.

The attack wave started in late July 2011 and continued into mid-September 2011. A total of 29 companies in the chemical sector were confirmed to be targeted in this attack wave and another 19 in various other sectors, primarily the defense sector, were seen to be affected as well, the research firm added. As the pattern of chemical industry targets emerged, Symantec internally code-named the attack "campaign Nitro."

The attackers first researched desired targets and then sent an email specifically to the target. While the attackers used different pretexts when sending these malicious emails, two methodologies stood out. First, when a specific recipient was targeted, the mails often purported to be meeting invitations from established business partners. Secondly, when the emails were being sent to a broad set of recipients, the mails purported to be a necessary security update. The emails then contained an attachment that was either an executable that appeared to be a text file based on the file name and icon, or a password-protected archive containing an executable file with the password provided in the email. In both cases, the executable file was a self-extracting executable containing PoisonIvy, a common backdoor Trojan developed by a Chinese speaker.

When the recipient attempted to open the attachment, they would inadvertently execute the file, causing PoisonIvy to be installed. Once PoisonIvy was installed, it contacted a C&C server on TCP port 80 using an encrypted communication protocol. Using the C&C server, the attackers then instructed the compromised computer to provide the infected computer?s IP address, the names of all other computers in the workgroup or domain, and dumps of Windows cached password hashes.

By using access to additional computers through the currently logged on user or cracked passwords through dumped hashes, the attackers then began traversing the network infecting additional computers. Typically, their primary goal is to obtain domain administrator credentials and/or gain access to a system storing intellectual property. Domain administrator credentials make it easier for the attacker to find servers hosting the desired intellectual property and gain access to the sensitive materials. The attackers may have also downloaded and installed additional tools to penetrate the network further.

Thousands of Chinese computer enthusiasts belong to hacker clubs and experts say some are supported by the military to develop a pool of possible recruits.

China has the world's biggest population of Internet users, with more than 450 million people online, and the government promotes Web use for business and education. But experts say security for many computers in China is so poor that they are vulnerable to being taken over and used to hide the source of attacks from elsewhere.


Previous
Next
South Korea Fines LCD Makers For Price Fixing        All News        LG 3D Notebook Receives Flicker-free Certification
Yahoo to Acquire Ad Firm Interclick     General Computing News      Adobe Acquires Auditude to Capitalize on Video Advertising Opportunity

Get RSS feed Easy Print E-Mail this Message

Related News
NEC Uses Artificial Intelligence to Automatically Detect Unknown Cyber-attacks
Fujitsu Technology Analyzes Cyber Attacks
Hackers Attacked Vodafone
Police Arrest Teenagers Over TalkTalk Hack
TalkTalk Provides Update On Recent Cyber Attack
Cyber Attack Against UK's TalkTalk Could Affect Millions Britons
Chinese-affiliated Intrusions into Companies Continued Even After Cyber Pack
F-Secure Identifies Malware Family Linked To Russian State-backed Cyber-espionage
Europol Arrested Group Of Cyber-fraudsters
Cyber Attack hits Millions of U.S. Federal Workers
Cisco Identifies Virus That Kills Off PCs
Adobe And Windows Zero-Day Exploits Likely Leveraged by Russians In Highly-Targeted Attack

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2016 - All rights reserved -
Privacy policy - Contact Us .