Chemical Industry Sector
4. October 31, V3.co.uk – (International) Symantec uncovers Nitro attacks targeting
chemical industry. Symantec has revealed a large-scale targeted cyber attack designed
primarily to steal information from chemical and defense companies, including 27 in
the United States. Dubbed "Nitro", the campaign started in late April, focused on human
rights groups, before moving on to the motor industry, according to the Symantec Nitro
attacks report. The attack moved on to the chemical industry in late July, targeting 29
companies and another 19 in sectors such as defense, the report said. The attackers used
the common ploy of sending certain members of a target organization an e-mail with a
malicious attachment disguised as a meeting invitation or security update. "The emails
contained an attachment that was either an executable that appeared to be a text file
based on the file name and icon, or a password-protected archive containing an
executable file with the password provided in the email," the report said. "In both cases,
the file was a self-extracting executable containing PoisonIvy, a common backdoor
Trojan developed by a Chinese speaker." Once the infected machine was connected to
the command and control server, attackers could traverse the network, infecting
additional computers in search of the domain administrator's credentials, and from
there locate servers containing intellectual property. Eventually the content is uploaded
to a remote site. The attacks were spread geographically, but most infected machines
were located in the United States (27), Bangladesh (20), and the United Kingdom (14).
Symantec traced the attacks to a virtual private server (VPS) based in the United States,
but registered to a "20-something male" in Heibei, China dubbed "Covert Grove". The
male claimed the VPS, which cost him $32 a month to rent, was set up for legitimate
purposes, but Symantec researchers found evidence that may point to the contrary.
"When prompted regarding hacking skills, Covert Grove immediately provided a
contact that would perform 'hacking for hire'. Whether this contact is merely an alias or
a different individual has not been determined," the researchers concluded.
Source:
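A mail-gateway triage check for the two delivery methods quoted above, as an added example that is not part of the original report or of Symantec's analysis. The extension lists, finding labels, function names and sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email.message import EmailMessage

EXEC_EXTS = (".exe", ".scr", ".com", ".pif")   # assumed list of executable extensions
DECOY_EXTS = (".txt", ".doc", ".pdf")          # assumed list of "document" extensions

def deceptive_name(name: str) -> bool:
    # True for names such as "invite.txt.exe": executable suffix after a decoy one.
    stem, _, ext = name.lower().rpartition(".")
    return "." + ext in EXEC_EXTS and stem.rstrip().endswith(DECOY_EXTS)

def zip_findings(data: bytes, body: str) -> list:
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():  # entry names stay readable when data is encrypted
            if info.filename.lower().endswith(EXEC_EXTS):
                findings.append("executable-in-archive")
                if info.flag_bits & 0x1 and "password" in body.lower():
                    findings.append("encrypted-archive-password-in-body")
    return findings

def triage(msg: EmailMessage) -> list:
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part else ""
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        # Windows executables, self-extracting archives included, begin with "MZ".
        if data[:2] == b"MZ" and (deceptive_name(name) or not name.endswith(EXEC_EXTS)):
            findings.append("executable-disguised-by-name")
        elif zipfile.is_zipfile(io.BytesIO(data)):
            findings += zip_findings(data, body)
    return findings

def sample_message() -> EmailMessage:
    # Constructed sample: a harmless 64-byte "MZ" stub stands in for the attachment.
    stub = b"MZ" + b"\x00" * 62
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("update.exe", stub)
    raw = bytearray(buf.getvalue())
    raw[raw.find(b"PK\x01\x02") + 8] |= 0x01  # mark the entry encrypted (central directory flag)
    msg = EmailMessage()
    msg.set_content("Install the attached update. Password: 1234")
    msg.add_attachment(stub, maintype="application", subtype="octet-stream", filename="meeting_invite.txt.exe")
    msg.add_attachment(bytes(raw), maintype="application", subtype="zip", filename="update.zip")
    return msg
```

Calling `triage(sample_message())` returns one finding for the disguised executable and two for the archive; a message with only ordinary text attachments returns an empty list.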
5. October 31, Global Security Newswire – (International) Chemical weapons monitors
due back in Libya. Libya's interim prime minister said October 30 his government
asked international monitors to return to the country and assist the new government's
efforts to eliminate a small stockpile of chemical warfare agents, the Associated Press
reported. When the uprising against Libya's former dictator began in February, Libya
still held roughly 9 metric tons of mustard blister agent, part of a 25-ton stockpile it had
been destroying under the Chemical Weapons Convention. The north African nation is
also believed to still retain hundreds of metric tons of chemical weapon precursor
material. The Organization for the Prohibition of Chemical Weapons, which monitors
compliance with the convention's statutes, has said it would send inspectors back to
Libya as soon as the situation allowed. A U.S. Assistant Secretary of State said Libya's
chemical weapons have been under "continuous surveillance to assure that it has
remained in its storage facilities and has not been tampered with." Russia has submitted
a resolution to the U.N. Security Council that calls on Libya's interim government to