New cyber attack targets chemical firms: Symantec
The Nitro campaign is the latest in a series of highly targeted cyber attacks that security experts say are likely the work of government-backed hackers.
Intel Corp's security unit McAfee in August identified "Operation Shady RAT," a five-year coordinated campaign on the networks of 72 organizations, including the United Nations, governments and corporations.
In February, McAfee warned that hackers working in China broke into the computer systems of five multinational oil and natural gas companies to steal bidding plans and other critical proprietary information.
Symantec said on Monday that the Nitro attackers sent emails with tainted attachments to between 100 and 500 employees at a company, claiming to be from established business partners or to contain bogus security updates.
When an unsuspecting recipient opens the attachment, it installs "PoisonIvy," a Remote Access Trojan (RAT) that can take control of a machine and that is easily available over the Internet.
While the hackers' behavior differed slightly in each case, they typically identified desired intellectual property, copied it and uploaded it to a remote server, Symantec said in its report.
Symantec did not identify the companies that were targeted in its white paper and researchers could not immediately be reached.
Dow Chemical Co said it detected "unusual e-mails being delivered to the company" last summer and worked with law enforcers to address this situation.
"We have no reason to believe our operations were compromised, including safety, security, intellectual property, or our ability to service our customers," a Dow spokesman said.
A spokesman for DuPont declined to comment.
(Reporting by Jim Finkle. Additional reporting by Matt Daily and Ernest Scheyder; Editing by Gerald E. McCormick and Richard Chang)
© Thomson Reuters 2017 All rights reserved.