30 years of commitment
Chemical Industry Council of California

Symantec Uncovers Cyber Attacks on Chemical Industry

Posted 11/1/11



October 31, V3.co.uk - (International) Symantec uncovers Nitro [cyber] attacks targeting chemical industry. Symantec has revealed a large-scale targeted cyber attack designed primarily to steal information from chemical and defense companies, including 27 in the United States. Dubbed "Nitro", the campaign started in late April focused on human rights groups, before moving onto the motor industry, according to the Symantec Nitro attacks report. The attack moved onto the chemical industry in late July, targeting 29 companies and another 19 in sectors such as defense, the report said. 


The attackers used the common ploy of sending certain members of a target organization an e-mail with a malicious attachment disguised as a meeting invitation or security update. "The emails contained an attachment that was either an executable that appeared to be a text file based on the file name and icon, or a password-protected archive containing an executable file with the password provided in the email," the report said. "In both cases, the file was a self-extracting executable containing PoisonIvy, a common backdoor Trojan developed by a Chinese speaker." Once the infected machine was connected to the command and control server, attackers could traverse the network, infecting additional computers in search for the domain administrator's credentials, and from there locate servers containing intellectual property.


Eventually the content is uploaded to a remote site. The attacks were spread geographically, but most infected machines were located in the United States (27), Bangladesh (20), and the United Kingdom (14). Symantec traced the attacks to a virtual private server (VPS) based in the United States, but registered to a "20-something male" in Heibei, China dubbed "Covert Grove". The male claimed the VPS, which cost him $32 a month to rent, was set up for legitimate purposes, but Symantec researchers found evidence that may point to the contrary. "When prompted regarding hacking skills, Covert Grove immediately provided a contact that would perform 'hacking for hire'. Whether this contact is merely an alias or a different individual has not been determined," the researchers concluded.   See Source Document 


* * * *

back to top


2011 Website Articles


COVID-19 and Wildfire Updates and Information
Updated 09-24-2020

The Early Years - Incorp. 1981

Teleconference & Web-Mtgs
1st and 3rd Fridays each month

Members In the Spotlight
"Caught in the Act of Doing Good"


Weekly Sacramento Updates 2020
Updated 09-27-2020

2020 Legislative Updates

2020 Regulatory Updates

Legislation Search

2019 CICC Advocacy Issue Briefs
Principles that Guide CICC Legislative & Regulatory Activity


California Legislature
Members, Rules, Glossary of Terms, Calendar, How a Bill Becomes Law

Legislative Calendar
Session Dates and Deadlines

Official CA Legislative Info
Search by Bill No, Author or Key Word

Today In the Capitol Building
Committee Mtgs & Floor Sessions

California Law
Search 29 Separate Codes

Essential Links to State & Federal Websites
Governor, CA Legislature, Cal/EPA, Congress, U.S. EPA - and more




California Challenges & Opportunities

CICC Archives
Prior Months News Stories, Issues & Items, Flash and more ---

News, Weather & more
Today's News From MSNBC


New Orleans - Dec. 4-6, 2019

Members' Web-Mtg - Legs & Regs
Fri., Dec. 6th, 2019 @ 8:30 a.m.