The attackers stole documents, formulas and manufacturing processes

Nov 1, 2011 08:12 GMT  ·  By

A large hacking operation that ran between July and September 2011, targeting industrial secrets, turns out to have been a carefully planned campaign that relied on social engineering and on ordinary users who had more privileges than their job required.

Symantec's Security Response Team released a paper called “The Nitro Attacks – Stealing Secrets from the Chemical Industry” in which they detail the malicious attack.

The Nitro campaign was aimed at private research companies, its main goal being to collect sensitive information such as formulas, manufacturing processes and internal documents.

To achieve this, the people behind the scheme relied on two main kinds of email, sent to selected employees at each targeted organization.

The first category consisted of messages that purported to come from business partners. Each carried an archived attachment, and once the file inside was executed, it installed the now infamous PoisonIvy remote access trojan.

The second category relied on so-called security updates. These emails, which appeared to come from the company's own IT staff, urged the targets to install the application contained in the attachment.
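Both lures share a shape a mail gateway can check for: an archive whose contents are executable, paired with "install this update" wording. The following Python triage routine is an added example written for this article, not code from Symantec's paper or from the campaign itself; the message it inspects is a constructed sample, the domain names and the list of executable extensions are assumptions, and it only lists zip members (names remain readable even when a zip is password-protected), so self-extracting .exe archives are flagged as bare executables instead.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed list: extensions Windows runs on double-click. An archive holding
# any of these is the shape of attachment the article describes.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".msi"}
ARCHIVE_TYPES = {"application/zip", "application/x-zip-compressed"}
# Assumed lure vocabulary for the "security update from IT" pretext.
UPDATE_LURE_WORDS = ("security update", "patch", "install")


def _ext(name: str) -> str:
    return "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""


def archive_members(data: bytes):
    """Return (member name, encrypted?) for each zip entry.
    Member names are stored in clear even in an encrypted zip, so a
    password-protected archive still reveals what it carries."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [(info.filename, bool(info.flag_bits & 0x1)) for info in zf.infolist()]


def sender_domain(msg) -> str:
    addr = parseaddr(msg.get("From", ""))[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def analyze_message(raw: bytes, internal_domain: str) -> list:
    """Return human-readable findings for one RFC 5322 message, or [] if clean."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = (str(msg.get("Subject", "")) + " " + (body.get_content() if body else "")).lower()
    findings = []

    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        if _ext(name) in EXECUTABLE_EXTS:
            findings.append(f"executable attachment: {name}")
        elif part.get_content_type() in ARCHIVE_TYPES or zipfile.is_zipfile(io.BytesIO(payload)):
            for member, encrypted in archive_members(payload):
                if _ext(member) in EXECUTABLE_EXTS:
                    tag = " (encrypted archive)" if encrypted else ""
                    findings.append(f"archive {name} contains executable {member}{tag}")

    # Only report the pretext when it is paired with a dangerous attachment.
    # Caveat: a spoofed From: header will look internal here, so in production
    # combine this with SPF/DKIM results rather than trusting the domain alone.
    if findings and any(w in text for w in UPDATE_LURE_WORDS):
        domain = sender_domain(msg) or "<none>"
        origin = "internal" if domain == internal_domain.lower() else "external"
        findings.append(f"'security update' lure from {origin} domain {domain}")
    return findings


def build_sample_lure() -> bytes:
    """Constructed sample, not a real Nitro message: an 'IT update' mail with a zip holding an .exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("security_update.pdf.exe", b"MZ" + b"\x00" * 64)  # fake PE stub, not a real binary
    msg = EmailMessage()
    msg["From"] = "it-support@example-partner.com"
    msg["To"] = "engineer@example-chem.com"
    msg["Subject"] = "Urgent security update"
    msg.set_content("Please install the attached security update today.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="update.zip")
    return msg.as_bytes()


def build_sample_benign() -> bytes:
    """Constructed sample: an ordinary mail with a non-executable attachment."""
    msg = EmailMessage()
    msg["From"] = "colleague@example-chem.com"
    msg["To"] = "engineer@example-chem.com"
    msg["Subject"] = "Meeting notes"
    msg.set_content("Notes from today attached.")
    msg.add_attachment(b"%PDF-1.4 fake", maintype="application", subtype="pdf", filename="notes.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for f in analyze_message(build_sample_lure(), "example-chem.com"):
        print("FLAG:", f)
```

Running the module prints one line for the executable hidden inside the zip and one for the lure wording. Policy decisions such as quarantining every archive that contains an executable, or every encrypted archive, belong in the caller; this routine only reports what it sees.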

Once on a system, PoisonIvy harvested whatever it could reach. Because the infected users typically held administrative privileges, the attackers were able to collect IP addresses, computer names and dumps of password hashes from the compromised machines.

With administrator rights in hand, the attackers could move freely across the network, infecting whichever additional computers they needed to reach their goal.

The research shows that most of the infected machines were located in the US, followed by Bangladesh and the UK.

The attack was traced back to a computer system hosted in the US which, as it later turned out, was owned by a young Chinese man. To date it has not been established whether anyone else was involved, or whether the operation was carried out on behalf of a third party.