China syndrome: Chemical, defense companies subject to Chinese Nitro attacks

Published 4 February 2014

More and more chemical and defense companies around the world are victims of Nitro attacks. These attacks, launched by government-backed Chinese hackers, install PoisonIvy, a Remote Access Tool (RAT) stealthily placed on computer systems to steal information. The majority of the computers infected belong to firms in the United States, Bangladesh, and the United Kingdom.

Chemical and defense companies are increasingly becoming the targets of hackers who engage in industrial espionage to collect intellectual property for competitive advantage.

Dubbed “Nitro attacks,” the malware infections are part of a series of high-level cyber attacks that security experts attribute to government-backed hackers. The Times of India reports that in late 2011, about forty-eight chemical and defense firms were attacked by a Chinese hacker via his virtual private server (VPS) in the United States, according to a report from Symantec Corp. Computers belonging to the firms which were attacked were infected with malicious software known as PoisonIvy, a Remote Access Tool (RAT) installed on computer systems to steal information.

According to Symantec researchers, Nitro-hackers “typically obtain domain administrator credentials and/or gain access to a system storing intellectual property… While the behavior of the attackers differs slightly in each compromise, generally once the attackers have identified the desired intellectual property, they copy the content to archives on internal systems they use as internal staging servers. This content is then uploaded to a remote site outside of the compromised organization completing the attack.”

The majority of the computers infected belong to firms in the United States, Bangladesh, and the United Kingdom.

“The latest emerging threat in cyberspace is the deadly Nitro attack targeting chemical and defense companies to steal information,” said Pendyala Krishna Sastry, fraud management and digital forensics head of Tata Consultancy Services (TCS). Sastry spoke at India’s national workshop on “Digital Forensics and Incident Response Management,” organized by the computer science and engineering department of Gitam University.

According to Sastry, Nitro attacks are targeting critical infrastructure such as nuclear plants, industrial research data, and chemical industrial systems. The Times notes that India’s Central Bureau of Investigation, along with other law enforcement agencies, has created units for handling cybercrimes.