Nitro attacks hit chemical industry

The Nitro hackers went after the secrets of chemical companies, Symantec says.


A host of chemical sector companies were targeted by hackers between April and September this year, as part of a coordinated campaign by an unknown group.

A number of Fortune 100 companies involved in research and development of chemical compounds and advanced materials were targeted as part of the attacks, codenamed Nitro, Symantec reported.

The group, a member of which Symantec spoke to in order to gain a greater understanding of the attacks, sought to gain intellectual property by placing a Remote Access Tool (RAT) Trojan known as Poison Ivy onto targets' machines.

Typically, their primary goal is to obtain domain administrator credentials and/or gain access to a system storing intellectual property.

Advertisement - Article continues below
Advertisement - Article continues below

"First, when a specific recipient was targeted, the mails often purported to be meeting invitations from established business partners. Secondly, when the emails were being sent to a broad set of recipients, the mails purported to be a necessary security update," the Symantec report explained.

"The emails then contained an attachment that was either an executable that appeared to be a text file based on the file name and icon, or a password-protected archive containing an executable file with the password provided in the email."

Once the file was opened, the Poison Ivy malware would install itself on the victim's system and start communicating with a C&C server on TCP port 80 using an encrypted communication protocol.

"Using the C&C server, the attackers then instructed the compromised computer to provide the infected computer's IP address, the names of all other computers in the workgroup or domain and dumps of Windows cached password hashes," the Symantec report continued.

"By using access to additional computers through the currently logged on user or cracked passwords through dumped hashes, the attackers then began traversing the network infecting additional computers. Typically, their primary goal is to obtain domain administrator credentials and/or gain access to a system storing intellectual property."

A nations state attack?

Advertisement - Article continues below

The motives and backing of the hacking group behind Nitro remain unclear, despite some indicative information uncovered by Symantec.

The majority (27 per cent) of the infected machines identified by the security giant were located in the US, with 20 per cent in Bangladesh and 14 per cent in the UK. However, Symantec said the attackers were not targeting organisations in any particular country, as the geographical spread of hits was varied.

Instead, the security company suggested attackers were either going after sites, or individuals in certain sites, which they knew had access to particular data. The attackers may also simply have been targeting the lowest hanging fruit and attempting to dupe those with weak security, Symantec said.

Whilst China was mentioned in the report the member of the hacking group responsible from Nitro was based in the Hebei region there was no evidence to suggest a nation state was, or was not, behind the attacks.

Advertisement - Article continues below

Nevertheless, the hackers involved in Nitro targeted other industries outside of the chemical sector, making the case for a nation state's involvement more likely.

They targeted another 19 companies, most of which were in the defence industry, Symantec said.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now



Hackers abuse LinkedIn DMs to plant malware

25 Feb 2019

Best free malware removal tools 2019

23 Dec 2019
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Are you taking enough accountability on cyber security?

18 Dec 2019

Most Popular

mergers and acquisitions

Xerox to nominate directors to HP's board – reports

22 Jan 2020
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
public sector

UK gov launches £300,000 SEN EdTech initiative

22 Jan 2020
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020