Analysts work in a watch and warning center of a cyber security defense lab at the Idaho National Laboratory in Idaho Falls, Idaho September 29, 2011.
Credit: Reuters/Jim Urquhart
By Jim Finkle
Tue Nov 1, 2011 9:23am EDT
(Reuters) - At least 48 chemical and defense companies were victims of a coordinated cyber attack that has been traced to a man in China, according to a new report from security firm Symantec Corp.
Computers belonging to these companies were infected with malicious software known as "PoisonIvy," which was used to steal information such as design documents, formulas and details on manufacturing processes, Symantec said on Monday.
It did not identify the companies, but said they include multiple Fortune 100 corporations that develop compounds and advanced materials, along with businesses that help manufacture infrastructure for these industries.
The bulk of the infected machines were based in the United States and United Kingdom, Symantec said, adding that the victims include 29 chemicals companies, some of which developed advanced materials used in military vehicles.
"The purpose of the attacks appears to be industrial espionage, collecting intellectual property for competitive advantage," Symantec said in a white paper on the campaign, which the company dubbed the "Nitro" attacks.
The cyber campaign ran from late July through mid-September and was traced to a computer system in the United States that was owned by a man in his 20s in Hebei province in northern China, according to Symantec.
Researchers gave the man the pseudonym "Covert Grove" based on a literal translation of his name. They found evidence that the "command and control" servers used to control and mine data in this campaign were also used in attacks on human-rights groups from late April to early May, and in attacks on the motor industry in late May, Symantec said.
"We are unable to determine if Covert Grove is the sole attacker or if he has a direct or only indirect role," said Symantec's white paper. "Nor are we able to definitively determine if he is hacking these targets on behalf of another party or multiple parties."
The Nitro campaign is the latest in a series of highly targeted cyber attacks that security experts say are likely the work of government-backed hackers.
Intel Corp's security unit McAfee in August identified "Operation Shady RAT," a five-year coordinated campaign on the networks of 72 organizations, including the United Nations, governments and corporations.
In February, McAfee warned that hackers working in China broke into the computer systems of five multinational oil and natural gas companies to steal bidding plans and other critical proprietary information.
Symantec said on Monday that the Nitro attackers sent emails with tainted attachments to between 100 and 500 employees at a company, claiming to be from established business partners or to contain bogus security updates.
When an unsuspecting recipient opens the attachment, it installs "PoisonIvy," a Remote Access Trojan (RAT) that can take control of a machine and that is easily available over the Internet.
While the hackers' behavior differed slightly in each case, they typically identified desired intellectual property, copied it and uploaded it to a remote server, Symantec said in its report.
Symantec did not identify the companies that were targeted in its white paper and researchers could not immediately be reached.
Dow Chemical Co said it detected "unusual e-mails being delivered to the company" last summer and worked with law enforcers to address this situation.
"We have no reason to believe our operations were compromised, including safety, security, intellectual property, or our ability to service our customers," a Dow spokesman said.
A spokesman for DuPont declined to comment.
(Reporting by Jim Finkle. Additional reporting by Matt Daily and Ernest Scheyder; Editing by Gerald E. McCormick and Richard Chang)