Data Thieves Strike At Chemical Industry

Dennis Faas's picture

Dozens of chemical companies have been hit with a wave of online attacks. At least 48 companies are confirmed to have been hit, of which 29 were in the chemical sector. The remaining 19 companies were involved in the chemical defense sector.

According to security researchers at Symantec, the assault ran from July until the middle of September, though the effects are still being felt. The true scale may be larger: at least 101 different locations are known to be housing computers infected by the attack, covering 20 different countries. (Source:

Cyber Attacks Use Low-Tech Approach

The attacks started in a relatively low-tech and simple fashion: the hackers sent emails to staff at the target companies with what looked to be text-based file attachments. In reality, these files were in fact executable programs that installed a rogue application named, dubbed "PoisonIvy."

The rogue app then contacted a command and control computer over the Internet which collected details of other computers on the same network, along with logins and passwords of users.

It then used the collected information to attempt to gain access to the other machines and spread across the network until it found sensitive data, which it then copied and transferred back to the attackers. (Source:

Cyber Attacks Targets Said to be Specific

The attacks were clearly directed at specific targets.

In three cases, hundreds of staff received emails and in the rest of the attacks only a few employees received such messages. This "all or nothing" approach allowed the attackers to concentrate on customizing emails for specific individuals, thus increasing the likelihood of the message appearing credible and legitimate.

Pattern of Attacks Used Previously

According to Symantec, attacks of this kind have been seen before.

Back in April a number of human rights groups were targeted; then in May, it was the automotive industry. If the same people were responsible for the attacks, it raises the possibility that the attackers are not gathering the confidential information for their own use, but are instead acting in a mercenary role.

Companies from around the world were targeted by PoisonIvy, with twelve American, five British, and several Danish, Italian, Dutch and Japanese firms affected.

| Tags:
Rate this article: 
No votes yet