Symantec reports of targeted attack on companies in the chemical industry.
Copyright © 2011 Virus Bulletin
A report from Symantec has detailed a recent targeted attack on a number of large companies, many of which are active in the chemical industry.
Of the 48 companies known to have been targeted in the attack, 29 are active in the chemical industry.
The attack began in May and was initially targeted at human rights-related NGOs and the motor industry. In the attack, a small number of employees of the targeted company receive an email which appears to be a meeting invitation from an existing business contact. However, the email contains as its attachment a variant of the PoisonIvy trojan backdoor whose primary targets are domain administrator passwords; using these passwords the attackers can penetrate the network further and gain access to sensitive materials.
The researchers have managed to trace the attack to a US-based VPN server owned by a Chinese man. While it is unlikely that he uses this server for instant messaging as he claims, it is not known whether he is the sole attacker or acting on behalf of a larger group.
These attacks are the latest in what has become a worrying trend for governments and corporations alike. On the eve of the London Conference on Cyberspace, the UK government said it has seen an ‘exponential rise’ in cyber attacks.