Symantec discovers China-based hack attack

29 chemical firms, 19 other companies compromised by PoisonIvy Trojan

Tags: ChinaCyber crimeSymantec Corporation
  • E-Mail
Symantec discovers China-based hack attack Symantec has discovered a China-based hack attack that has compromised 29 firms in the chemicals industry.
By  Georgina Enzer Published  November 1, 2011

Approximately 29 firms, which are involved in the chemicals industry, have been targeted by a series of cyber-attacks tracked back to China, according Symantec.

The internet security firm said that is also has evidence that a further 19 firms, including those in the defence industry, had also been attacked between July and mid-September 2011.

Symantec said the attacks were designed to steal intellectual property, such as design processes and formulas.

The report by Symantec did not reveal which companies were involved, but said several were Fortune 100 corporations and said at least 12 of the firms were US-based, five were UK-based and two were in Denmark.

Several of the firms that came under attack developed materials for military vehicles.

US chemical giant, Dow Chemicals told the BBC that it had been the target of "unusual emails" received during the July to September period.

"Dow engaged internal and external response teams, including law enforcement, to address the situation," a company spokesman told the BBC. "As a result, we have no reason to believe our operations were compromised."

Symantec said that workers at the affected companies were sent emails, which asked them to open an attachment, in some cases these emails were supposed to be from established business partners, in others the emails were fake security updates.

When the email attachments were opened, they installed a Trojan horse into the computer system, which allowed the hackers to gain network information and then locate and copy files to another part of their targets' systems, from where they were extracted.

The Trojan used was PoisonIvy, which Symantec said was developed by a Chinese speaker.

The internet security firm said it had traced the attacks back to a "20-something male located in the Hebei region of China" who funnelled the process through a US computer server.

This latest hack is being linked to earlier attacks on carmakers and human rights organisations.

"This is unfortunately becoming a new normal behaviour," Symantec's chief technology officer, Greg Day, told the BBC.

"We had at least a decade of cybercrime which generally targeted anybody. Then we had the emergence of very skilled techniques involving a lot of time and effort to target global organisations. What we have now is almost the commercialisation of those techniques, using elements such as advanced persistent threats to pursue espionage and intellectual property theft, whether that is for their own gain or resale."

2366 days ago
Eric

So what. We accuse China.China denies it all. End of story. NOTHING gets done to end these hack attacks.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code