The Nitro hacking attacks were a targeted malware campaign in 2011 suspected to be a case of corporate espionage. At least 48 confirmed companies were infected with a Trojan called Poison Ivy that transferred intellectual property to remote servers. Much of the information known about these attacks comes from a white paper published by the cybersecurity company Symantec (later renamed NortonLifeLock, now Gen Digital Inc.).


Targets

Initial attacks in April and May 2011 targeted human rights organizations, though later in May the focus shifted to automotive companies. Then from July to September another series of breaches occurred with the majority of targets in the chemical and advanced materials industry and the defense sector. The attacks were international, with targeted firms in 20 countries, though the majority were in the U.S., U.K., and Bangladesh.


Methods

The targets seem to have been carefully selected and researched, with spear phishing emails usually going out to only a handful of employees at each company and claiming to be sent from specific business partners or to contain security updates. These emails came with an attachment that infected the user's computer with Poison Ivy, which then allowed attackers to send remote commands and eventually gain access to valuable data. In a strange move, the hackers actually used Symantec's report on their activities as a means to gain victims' trust. After the paper was published, new emails were sent by Nitro that pretended to be from Symantec and contained cursory information about the attack along with an attachment named "the_nitro_attackspdf.7z". This executable file would actually create a PDF of the real Symantec white paper, but would also infect the machine with the remote access Trojan.
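The lure described above relies on an attachment whose name suggests a document while its content is an archive or executable. The following is an added example of the kind of mail-gateway check a defender might run against attachments; it is not Symantec's tooling and not from the original article. The file signatures are the standard magic bytes for PDF, 7z, ZIP and Windows PE files; the sample attachments, including one that mimics the "the_nitro_attackspdf.7z" naming, are constructed for the example.

```python
"""Flag attachments whose name or content suggests a disguised executable.

Added example; sample inputs are constructed. Three heuristics are applied:
1. the content's magic bytes must match what the extension claims,
2. an archive or executable whose base name embeds a document word
   (e.g. "attackspdf.7z") is a lure pattern,
3. a double extension such as "report.pdf.exe" hides the real type.
"""
from dataclasses import dataclass, field

# Standard file signatures (magic bytes) for the formats distinguished here.
MAGIC = {
    "pdf": b"%PDF",
    "7z": b"7z\xbc\xaf\x27\x1c",
    "zip": b"PK\x03\x04",
    "exe": b"MZ",
}
# What content type each extension is expected to carry (docx/xlsx are ZIP containers).
EXPECTED = {"pdf": "pdf", "7z": "7z", "zip": "zip", "exe": "exe",
            "docx": "zip", "xlsx": "zip", "scr": "exe"}
EXECUTABLE_OR_ARCHIVE = {"7z", "zip", "rar", "exe", "scr", "com"}
DOCUMENT_WORDS = ("pdf", "doc", "xls", "ppt")


@dataclass
class Verdict:
    filename: str
    detected_type: str
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def detect_type(data: bytes) -> str:
    """Return the format implied by the leading bytes, or 'unknown'."""
    for name, sig in MAGIC.items():
        if data.startswith(sig):
            return name
    return "unknown"


def classify_attachment(filename: str, data: bytes) -> Verdict:
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    base = ".".join(parts[:-1]) if ext else parts[0]
    detected = detect_type(data)
    verdict = Verdict(filename, detected)

    # 1. Content contradicts the extension (e.g. a ".pdf" that starts with "MZ").
    expected = EXPECTED.get(ext)
    if expected and detected != "unknown" and detected != expected:
        verdict.reasons.append(f"extension .{ext} but content is {detected}")

    # 2. Archive/executable carrying a document-like name (the Nitro lure shape).
    if ext in EXECUTABLE_OR_ARCHIVE and any(w in base for w in DOCUMENT_WORDS):
        verdict.reasons.append(f"document-like name on a .{ext} file")

    # 3. Double extension: a document extension immediately before an executable one.
    if len(parts) > 2 and parts[-2] in DOCUMENT_WORDS and ext in EXECUTABLE_OR_ARCHIVE:
        verdict.reasons.append("double extension hides executable type")

    return verdict


def scan(attachments: dict) -> list:
    """Return the names of all attachments that trip at least one heuristic."""
    return [name for name, data in attachments.items()
            if classify_attachment(name, data).suspicious]


# Constructed sample attachments (not real files from the campaign).
SAMPLES = {
    "the_nitro_attacks.pdf": b"%PDF-1.4\n% genuine document body",
    "the_nitro_attackspdf.7z": MAGIC["7z"] + b"\x00" * 8,
    "security_update.pdf": MAGIC["exe"] + b"\x90\x00\x03\x00",
    "quarterly.pdf.exe": MAGIC["exe"] + b"\x90\x00",
    "notes.txt": b"plain text",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        v = classify_attachment(name, data)
        print(f"{name:28} {v.detected_type:8} {'SUSPICIOUS' if v.suspicious else 'ok'} {v.reasons}")
```

Only the genuine PDF and the plain text file pass; the others are each flagged with the specific reason, which is the detail an analyst wants in the alert. Magic-byte matching is a first filter, not proof of safety: a real PDF can itself carry an exploit, so content inspection and sandboxing still belong behind it.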


Perpetrators

Unusually for a cybersecurity investigation, researchers were able to trace some attacks back to an individual dubbed Covert Grove who owned a U.S.-based virtual private server involved in the campaign, though he operated from Hebei Province, China. The man claimed to only use the server for logging into the QQ instant messaging system, and investigators were never able to confirm his direct involvement or connection to any other organization. However, Symantec later attributed to the same Nitro group a series of attacks in 2012 using a Java zero-day vulnerability, CVE-2012-4681.


See also

* PoisonIvy (Trojan)



External links

* Symantec's white paper on the attacks (archived)