
Symantec discovers China-based hack attack

29 chemical firms, 19 other companies compromised by PoisonIvy Trojan

Symantec has discovered a China-based hack attack that has compromised 29 firms in the chemicals industry.

Approximately 29 firms involved in the chemicals industry have been targeted by a series of cyber-attacks traced back to China, according to Symantec.

The internet security firm said that it also has evidence that a further 19 firms, including those in the defence industry, had been attacked between July and mid-September 2011.

Symantec said the attacks were designed to steal intellectual property, such as design processes and formulas.

The report by Symantec did not reveal which companies were involved, but said several were Fortune 100 corporations and said at least 12 of the firms were US-based, five were UK-based and two were in Denmark.

Several of the firms that came under attack developed materials for military vehicles.

US chemical giant Dow Chemicals told the BBC that it had been the target of "unusual emails" received during the July to September period.

"Dow engaged internal and external response teams, including law enforcement, to address the situation," a company spokesman told the BBC. "As a result, we have no reason to believe our operations were compromised."

Symantec said that workers at the affected companies were sent emails asking them to open an attachment. In some cases these emails purported to be from established business partners; in others they were fake security updates.

When the email attachments were opened, they installed a Trojan horse into the computer system, which allowed the hackers to gain network information and then locate and copy files to another part of their targets' systems, from where they were extracted.

The Trojan used was PoisonIvy, which Symantec said was developed by a Chinese speaker.

The internet security firm said it had traced the attacks back to a "20-something male located in the Hebei region of China" who funnelled the process through a US computer server.

This latest hack is being linked to earlier attacks on carmakers and human rights organisations.

"This is unfortunately becoming a new normal behaviour," Symantec's chief technology officer, Greg Day, told the BBC.

"We had at least a decade of cybercrime which generally targeted anybody. Then we had the emergence of very skilled techniques involving a lot of time and effort to target global organisations. What we have now is almost the commercialisation of those techniques, using elements such as advanced persistent threats to pursue espionage and intellectual property theft, whether that is for their own gain or resale."
