Chemical industry targeted


Martijn Grooten

Virus Bulletin, UK
Editor: Helen Martin


Symantec reports a targeted attack on companies in the chemical industry.

A report from Symantec has detailed a recent targeted attack on a number of large companies, many of which are active in the chemical industry.

Of the 48 companies known to have been targeted in the attack, 29 are active in the chemical industry.

The attack began in May and was initially aimed at human rights-related NGOs and the motor industry. In the attack, a small number of employees of the targeted company receive an email which appears to be a meeting invitation from an existing business contact. However, the email carries as its attachment a variant of the PoisonIvy trojan backdoor, which primarily targets domain administrator passwords; using these passwords the attackers can penetrate the network further and gain access to sensitive materials.

The researchers have managed to trace the attack to a US-based VPN server owned by a Chinese man. While it is unlikely that he uses this server for instant messaging as he claims, it is not known whether he is the sole attacker or acting on behalf of a larger group.

These attacks are the latest in what has become a worrying trend for governments and corporations alike. On the eve of the London Conference on Cyberspace, the UK government said it has seen an ‘exponential rise’ in cyber attacks.
