Chemical industry targeted


Martijn Grooten

Virus Bulletin, UK
Editor: Helen Martin


Symantec reports of targeted attack on companies in the chemical industry.

A report from Symantec has detailed a recent targeted attack on a number of large companies, many of which are active in the chemical industry.

Of the 48 companies known to have been targeted in the attack, 29 are active in the chemical industry.

The attack began in May and was initially targeted at human rights-related NGOs and the motor industry. In the attack, a small number of employees of the targeted company receive an email which appears to be a meeting invitation from an existing business contact. However, the email contains as its attachment a variant of the PoisonIvy trojan backdoor whose primary targets are domain administrator passwords; using these passwords the attackers can penetrate the network further and gain access to sensitive materials.

The researchers have managed to trace the attack to a US-based VPN server owned by a Chinese man. While it is unlikely that he uses this server for instant messaging as he claims, it is not known whether he is the sole attacker or acting on behalf of a larger group.

These attacks are the latest in what has become a worrying trend for governments and corporations alike. On the eve of the London Conference on Cyberspace, the UK government said it has seen an ‘exponential rise’ in cyber attacks.



Latest articles:

VB2017 paper: Nine circles of Cerber

The Cerber ransomware was mentioned for the first time in March 2016 on some Russian underground forums, on which it was offered for rent in an affiliate program. Since then, it has been spread massively via exploit kits, infecting more and more…

VB2017 paper: Modern reconnaissance phase by APT – protection layer

During recent research, Talos researchers observed the ways in which APT actors are evolving and how a reconnaissance phase is included in the infection vector in order to protect valuable zero-day exploits or malware frameworks. Indeed, the…

VB2017 paper: Peering into spam botnets

Despite spam botnets being so important in the lifecycle of malware, recent publications describing massive spam operations (which can be counted on the fingers of one hand) have either skipped over the technical details or else concentrated too much…

VB2016 paper: Anti-malware testing undercover

Anti-malware testing is highly complex, and it becomes more and more challenging as new technologies are adopted by the industry to protect users. Rather than focusing on the technical challenges that testers face nowadays, this VB2016 paper focuses…

VB2017 paper: Beyond lexical and PDNS: using signals on graphs to uncover online threats at scale

We propose a novel method unifying the interactions between client machines, hostnames and hosting IPs by building a tripartite graph consisting of tens of millions of vertices and edges. We then represent a sequence of tripartite graphs as signals…

Bulletin Archive