'Nitro' Hackers Reportedly Attack Dozens of Companies in Chemical, Defense Industries
Hackers reportedly used an off-the-shelf computer attack created in China to compromise the computers of at least 48 companies, including in the chemical and defense industries -- an attack described as being similar to the notorious Stuxnet virus, if not as severe.
The goal of the attacks, reported Monday by security software company Symantec, "appears to be to collect intellectual property such as design documents, formulas, and manufacturing processes."
The purpose: "industrial espionage, collecting intellectual property for competitive advantage."
Symantec dubbed the attack "Nitro" and said a total of 29 companies in the chemical industry were targeted, in addition to 19 in other sectors, starting in late July. Among the companies were some that develop materials used primarily in military vehicles.
The infected computers spanned the globe, from the United States to Denmark to Saudi Arabia and Japan. Symantec didn't identify the successfully attacked companies by name.
Emails carrying a rogue file were used to compromise the companies networks, Symantec said. The messages purported to contain a necessary security update, but instead, unsuspecting users were opening a self-extracting executable file containing PoisonIvy, which Symantec described as a "common backdoor Trojan developed by a Chinese speaker."
From there, the attackers went to work finding out all they could about the computers in the workgroup or domain.
"Nitro wasn't at the level of sophistication of a Stuxnet," Jeff Wilhelm, a senior researcher with Symantec's security response, told Computerworld. "But there are similarities with other advanced threats." He gave the attack's narrow focus as one example.
Symantec traced the attacks to a man in his 20s living in the Hebei region of China, though it is unclear how deeply he may have been involved in the cyberattack and whether anyone else was involved.