
“Nitro” spear-phishers attacked chemical and defense company R&D


Symantec has revealed that at least 50 companies, many of them in the defense and chemical industries, have been attacked in a spear-phishing campaign aimed at stealing research and development data. The “Nitro” attacks, as Symantec called them, started in late July and lasted through September, according to a Symantec report (PDF). But the infrastructure used for command and control and other aspects of the attacks was used in another, earlier wave dating at least back to April, which was focused on human rights groups.

There is no known connection to the phishing attacks on RSA earlier this year. And it remains unclear whether the attacks were made by a single individual or group, though it appears the attack came from China. Analysts traced the attack back to a $32-a-month virtual private server in the US, owned by a “20-something male located in the Hebei region of China,” and found traffic being sent back to the network from 52 different organizations in 20 countries, 12 of them based in the US.

Spear phishing is a form of e-mail-based attack that is carefully tailored to individuals at the target organization, usually disguised as a file attachment that appears to be from someone the individual knows. In the Nitro attacks, the attackers used several approaches, but relied largely on two types of phishing: posing as a known business partner and sending what appeared to be meeting invitations, or hitting a larger number of targets with an email “purporting to be a security update,” according to Symantec’s Eric Chien and Gavin O’Gorman. The attacks included executable files that were disguised as text files, or as password-protected archives. In both cases, the file would execute when opened, installing a program called PoisonIvy—a backdoor developed by a “Chinese speaker,” according to the Symantec report.
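As an added example (not code from the article or from Symantec's report), here is a small Python triage routine a mail gateway could run over attachments to flag the two lure shapes described above: a Windows executable carrying a non-executable extension such as .txt, and a password-protected zip archive. The attachment names and contents are constructed samples.

```python
import io
import os
import zipfile

EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".dll", ".pif"}

def is_pe_file(data: bytes) -> bool:
    """Windows executables (PE) start with the 'MZ' DOS header magic."""
    return data[:2] == b"MZ"

def zip_is_password_protected(data: bytes) -> bool:
    """Bit 0 of a zip member's general-purpose flag marks it as encrypted."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False

def triage_attachment(filename: str, data: bytes) -> list:
    """Return the lure indicators found for one attachment (empty if none)."""
    ext = os.path.splitext(filename)[1].lower()
    findings = []
    if is_pe_file(data) and ext not in EXECUTABLE_EXTENSIONS:
        findings.append("pe-disguised-as-" + (ext or "no-extension"))
    if ext == ".zip" and zip_is_password_protected(data):
        findings.append("password-protected-archive")
    return findings

def build_locked_zip(member: str, payload: bytes) -> bytes:
    """Constructed sample: zipfile cannot write encrypted members, so the
    'encrypted' bit is patched into the local header and central directory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, payload)
    raw = bytearray(buf.getvalue())
    raw[raw.find(b"PK\x03\x04") + 6] |= 0x01   # local file header flag
    raw[raw.find(b"PK\x01\x02") + 8] |= 0x01   # central directory entry flag
    return bytes(raw)

# Constructed inbox: a disguised executable, a harmless text file, a locked archive.
SAMPLE_ATTACHMENTS = {
    "meeting_agenda.txt": b"MZ" + b"\x90" * 62,
    "notes.txt": b"Agenda for Thursday\n",
    "security_update.zip": build_locked_zip("update.exe", b"MZ" + b"\x00" * 62),
}

def triage_inbox(attachments: dict) -> dict:
    results = {name: triage_attachment(name, data) for name, data in attachments.items()}
    return {name: found for name, found in results.items() if found}
```

Calling `triage_inbox(SAMPLE_ATTACHMENTS)` flags the disguised executable and the locked archive while leaving the plain text file alone.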

The backdoor then sent back the IP address of the infected computer, the names of other computers visible in the Windows workgroup the computer was in, and Windows cached password hashes. This allowed the hackers to remotely control the system, possibly even downloading additional tools to attack from within the network, and infect other computers in an attempt to gain administrative credentials and access to servers containing sensitive data.
