Cyber Attacks Traced to China

The security company Symantec has revealed that at least 29 firms in the chemicals industry have been targeted by a series of cyber-attacks which have been traced back to China. Symantec has also revealed that it has evidence that another 19 companies, including defence specialists, have been affected.

It is believed that the attacks took place from late July and lasted until mid-September. Symantec’s report revealed that at least 12 companies in the US, five in the UK and two in Denmark have been affected by the attacks. The names of the companies that are thought to have been affected have not been disclosed, but the report did reveal that firms ranked within the Fortune 100 had been targeted. It was also recognised that several of the firms targeted are involved in developing materials for military vehicles.

Symantec believe that the campaign was focused on obtaining intellectual property such as formulas and design processes.

The US company Dow Chemicals has confirmed that it was a target, as staff received “unusual emails.” A spokesman for the company added, “Dow engaged internal and external response teams, including law enforcement, to address the situation. As a result, we have no reason to believe our operations were compromised.”

Symantec have confirmed that workers at the organisations were sent emails asking them to open attachments. In some cases, the hackers attempted to deceive workers by claiming that the attachment contained important security updates or that it was an invitation from business partners.

Those who opened the attachment ended up installing a Trojan horse (a piece of malicious code) which enabled the hackers to obtain details of the targets’ computer networks. Once the Trojan was installed, the attackers used the information to locate and copy files to another part of the targets’ system. Once the desired files had been copied, the attackers could then begin extracting the data without the company being any the wiser.

The Trojan used has been identified as PoisonIvy, which was developed by a Chinese speaker. Symantec have traced the attacks back to a “20-something male located in the Hebei region of China” who funnelled the process through a US computer server.

When Symantec contacted the potential hacker and prompted him to leave them contact details, he replied with details for someone who would “perform hacking for hire”. The only problem is that the company couldn’t determine whether this was the same person who had been involved in the attacks.

With the number of cyber-attacks increasing, Symantec’s chief technology officer, Greg Day, stated, “This is unfortunately becoming a new normal behaviour. We had at least a decade of cybercrime which generally targeted anybody. Then we had the emergence of very skilled techniques involving a lot of time and effort to target global organisations. What we have now is almost the commercialisation of those techniques, using elements such as advanced persistent threats to pursue espionage and intellectual property theft, whether that is for their own gain or resale.”

With the number of cyber-attacks set to increase, employees need to remain vigilant and cautious when, as in this case, they receive suspicious emails. Attachments should only be opened if the user knows that they have come from a trusted source, as opening attachments from untrustworthy sources can result in sensitive data being compromised.
