Symantec researchers have published a whitepaper analyzing last year’s Nitro attacks on the U.S. chemical industry. It’s interesting because it’s a detailed example of how Chinese cyber attacks are often focused on a particular area of intellectual property, as opposed to, say, Eastern European attacks on financial institutions designed for immediate economic gain: http://bit.ly/y1BF4p
The purpose of this attack is similar to that of other attacks on the car industry and other manufacturing and research organizations. The campaign was directed at “private companies involved in the research, development, and manufacture of chemicals and advanced materials. The goal of the attackers appears to be to collect intellectual property such as design documents, formulas, and manufacturing processes.”
The attack vector used an all-too-common technique. A targeted phishing email, pretending to be either a meeting invite from a known partner or an announcement of a security update, carried an attachment that executed the PoisonIvy malware. PoisonIvy is a very popular and versatile backdoor Trojan that can collect dumps of Windows cached password hashes.
The phishing email is really becoming the vector of choice, largely because it’s so hard to prevent. Security awareness training is especially important here, because it only takes one person clicking on the attachment.
Russell Dean Vines, Chief Security Advisor
Gotham Technology Group, LLC
CISSP, CEH, PCI QSA, NSA-IAM, CISM