It was recently disclosed that numerous companies in the chemical sector were the subject of ongoing “Nitro” attacks that sought to expose trade secrets using a Trojan sent through email.
The malware campaign, internally named “Nitro” by Symantec, was confirmed to have targeted 29 companies in the chemical industry and 19 companies in other sectors, including the defense sector. “Nitro” attacked multiple Fortune 100 companies involved in research and development of chemical compounds and advanced materials; companies that develop advanced materials primarily for military vehicles; and companies involved in developing manufacturing infrastructure for the chemical and advanced materials industry.
The attackers researched their targets and then sent infected emails to them specifically.
In some cases, organizations were sent more than 500 emails that were disguised as correspondence from business partners or claimed the recipient needed to apply a security update to their system. These emails contained either an attachment with an executable file that appeared to be a text file based on the file name and icon, or a password-protected archive containing an executable file, with the password provided in the email.
In either case, the executable file was a self-extracting executable containing PoisonIvy, a common backdoor Trojan developed by a Chinese speaker. Once the attachment was opened, it installed PoisonIvy and used the program to report back sensitive information such as the computer's IP address, the names of other computers on the network, and dumps of Windows cached password hashes. Once it was unleashed on a corporate network, it scoured computers to find intellectual property and other sensitive data.
The Nitro Trojan attacks began in late July 2011 and continued through mid-September 2011.
Threats like this are becoming more prevalent as cybercriminals do their best to infiltrate companies of all sizes using simple email tactics, including phishing attempts sent directly to employees that lure them into clicking on infected links and malicious files, putting corporate networks at risk of security breaches. Cloud-based email security can help filter for these threats and stop them from being delivered to unsuspecting employees who might accidentally click on an infected link or file.
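As an added illustration (not code from Symantec or from this article), the Python sketch below shows how a mail filter could flag the two attachment styles described above: an executable whose name poses as a document, and an archive marked as encrypted that holds an executable while the message body mentions a password. The extension list, the double-extension heuristic, the password regex and the sample message are all assumptions constructed for the example.

```python
import io, re, zipfile
from email.message import EmailMessage

EXEC_EXT = (".exe", ".scr", ".com", ".pif")  # assumed extension list, not from the article

def zip_entries(data):
    """Return [(name, encrypted)] read from the ZIP central directory."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [(i.filename, bool(i.flag_bits & 0x1)) for i in zf.infolist()]
    except zipfile.BadZipFile:
        return []

def triage(msg):
    """Flag attachments that match the two delivery styles described above."""
    findings = []
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if name.endswith(EXEC_EXT):
            # Heuristic (assumption): a name such as "notes.txt.exe" poses as a document.
            kind = "disguised-executable" if name.count(".") > 1 else "executable"
            findings.append((kind, name))
        elif data[:4] == b"PK\x03\x04":
            for entry, encrypted in zip_entries(data):
                if entry.lower().endswith(EXEC_EXT):
                    findings.append(("executable-in-archive", entry))
                    if encrypted and re.search(r"pass(word|code)", text, re.I):
                        findings.append(("password-in-body", entry))
    return findings

def sample_message():
    """Constructed sample; the payload bytes are inert placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("update.exe", b"inert placeholder")
    raw = bytearray(buf.getvalue())
    # Set only the "encrypted" flag bit in the central directory entry.
    raw[raw.find(b"PK\x01\x02") + 8] |= 0x01
    msg = EmailMessage()
    msg["Subject"] = "Security update"
    msg.set_content("Please install the attached update. Password: 1234")
    msg.add_attachment(bytes(raw), maintype="application", subtype="zip", filename="update.zip")
    msg.add_attachment(b"inert placeholder", maintype="application",
                       subtype="octet-stream", filename="notes.txt.exe")
    return msg

if __name__ == "__main__":
    print(triage(sample_message()))
```

ZIP file names stay readable even when the contents are encrypted, which is why the archive can be inspected without knowing the password.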