Chemical Industry Sector 
October 31,
 – (International) Symantec uncovers Nitro attacks targeting 
chemical industry. Symantec has revealed a large-scale targeted cyber attack designed 
primarily to steal information from chemical and defense companies, including 27 in 
the United States. Dubbed "Nitro", the campaign started in late April, focusing on human 
rights groups before moving on to the motor industry, according to the Symantec Nitro 
attacks report. The attack moved on to the chemical industry in late July, targeting 29 
companies and another 19 in sectors such as defense, the report said. The attackers used 
the common ploy of sending certain members of a target organization an e-mail with a 
malicious attachment disguised as a meeting invitation or security update. "The emails 
contained an attachment that was either an executable that appeared to be a text file 
based on the file name and icon, or a password-protected archive containing an 
executable file with the password provided in the email," the report said. "In both cases, 
the file was a self-extracting executable containing PoisonIvy, a common backdoor 
Trojan developed by a Chinese speaker." Once the infected machine was connected to 
the command and control server, attackers could traverse the network, infecting 
additional computers in search of the domain administrator's credentials, and from 
there locate servers containing intellectual property. Eventually the content was uploaded 
to a remote site. The attacks were spread geographically, but most infected machines 
were located in the United States (27), Bangladesh (20), and the United Kingdom (14). 
Symantec traced the attacks to a virtual private server (VPS) based in the United States, 
but registered to a "20-something male" in Hebei, China, dubbed "Covert Grove". The 
male claimed the VPS, which cost him $32 a month to rent, was set up for legitimate 
purposes, but Symantec researchers found evidence that may point to the contrary. 
"When prompted regarding hacking skills, Covert Grove immediately provided a 
contact that would perform 'hacking for hire'. Whether this contact is merely an alias or 
a different individual has not been determined," the researchers concluded. 
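
A mail-gateway style check for the two attachment forms quoted above, as an added example that is not from the Symantec report or this bulletin. The extension lists, the choice of ZIP as the archive format, the finding labels, and all function names are assumptions; the sample messages are constructed and carry inert placeholder bytes.

```python
import email, email.policy, io, re, zipfile
from email.message import EmailMessage

EXEC_EXT = (".exe", ".scr", ".com", ".pif")      # assumed executable extensions
DOC_HINT = re.compile(r"\.(txt|doc|pdf|rtf)\b")  # assumed "looks like a document" hint

def inspect_message(raw: bytes) -> list:
    """Flag the two attachment styles the report describes (heuristics are assumptions)."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    body = msg.get_body(preferencelist=("plain",))
    gives_password = "password" in (body.get_content().lower() if body else "")
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if data[:2] == b"MZ":  # DOS/PE header: the content is a Windows executable
            disguised = bool(DOC_HINT.search(name)) or not name.endswith(EXEC_EXT)
            findings.append(("pe-disguised" if disguised else "pe-attachment", name))
        elif zipfile.is_zipfile(io.BytesIO(data)):
            for info in zipfile.ZipFile(io.BytesIO(data)).infolist():
                encrypted = bool(info.flag_bits & 0x1)  # bit 0 = entry is encrypted
                # Entry names stay readable in an encrypted ZIP, so no password is needed
                if encrypted and info.filename.lower().endswith(EXEC_EXT):
                    tag = "encrypted-exe-password-in-body" if gives_password else "encrypted-exe"
                    findings.append((tag, info.filename.lower()))
    return findings

def build_sample(filename: str, payload: bytes, body: str) -> bytes:
    """Constructed test message; payloads are inert placeholder bytes."""
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = "Meeting invitation", "a@example.com", "b@example.com"
    msg.set_content(body)
    msg.add_attachment(payload, maintype="application", subtype="octet-stream", filename=filename)
    return msg.as_bytes()

def fake_encrypted_zip(member: str) -> bytes:
    """Constructed ZIP whose central-directory entry has the 'encrypted' flag bit set."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder")
    raw = bytearray(buf.getvalue())
    raw[raw.index(b"PK\x01\x02") + 8] |= 0x1  # general-purpose flags, low byte
    return bytes(raw)
```

The content check (the `MZ` header) runs before any filename logic, so a renamed or double-extension executable is still caught regardless of what the name or icon suggests.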
October 31, Global Security Newswire – (International) Chemical weapons monitors 
due back in Libya. Libya's interim prime minister said October 30 his government 
asked international monitors to return to the country and assist the new government's 
efforts to eliminate a small stockpile of chemical warfare agents, the Associated Press 
reported. When the uprising against Libya's former dictator began in February, Libya 
still held roughly 9 metric tons of mustard blister agent, part of a 25-ton stockpile it had 
been destroying under the Chemical Weapons Convention. The north African nation is 
also believed to still retain hundreds of metric tons of chemical weapon precursor 
material. The Organization for the Prohibition of Chemical Weapons, which monitors 
compliance with the convention's statutes, has said it would send inspectors back to 
Libya as soon as the situation allowed. A U.S. Assistant Secretary of State said Libya's 
chemical weapons have been under "continuous surveillance to assure that it has 
remained in its storage facilities and has not been tampered with." Russia has submitted 
a resolution to the U.N. Security Council that calls on Libya's interim government to