Spear Phishing Campaign Hits Dozens of Chemical, Defense Firms

Orome1 writes "Nearly 50 (and quite possibly more) companies in the chemical, defense, and other sectors have been hit with a spear phishing campaign carrying a backdoor Trojan with the ultimate goal of exfiltrating R&D and manufacturing information, revealed Symantec in a newly released report. The attacks against these companies started in late July 2011 and lasted until the middle of September 2011, but the attackers are thought to be the same ones who targeted human rights related NGOs and companies in the motor industry in May." Here's a link to the report itself (PDF).

Farewell Dossier redux

[The Man]

It's time to recognise that the West is in another Cold War with China. The steps taken to keep industrial information out of Soviet hands crimped trade and imposed costly burdens on US business, but they were at least somewhat effective. Let's try to do better, but for fuck's sake let's do something! How about starting by dropping all packets from China at the border? If nothing else it ought to get their attention.

Re:

[Anonymous Coward]

Let me refresh your memory... http://youtu.be/83tnWFojtcY [youtu.be]

People used to listen to me!!

Re:Farewell Dossier redux

[hedwards]

Because, we're not going to win this cold war if we're not providing easy access to our culture. Soft power has done far more for the US' standing in the world than our willingness to spend every last cent on pointless military endeavors.

Re:

[hedwards]

Portions of it are already available over there. The Great Firewall thing is a pretty big joke. Sure it does cut down a great deal on that, but it's hardly rocket science to circumvent, and ultimately, us dropping all those packets at our border would make it nigh impossible for them to get through. Assuming that it's even possible in the first place, which is questionable at best.

Re:

[trolman]

Blocking the bad country IP ranges will not work. The bad guys simply buy botnets or hosting. User education is the only real fix. From a technical point of view I would love to protect the network from everything. But the reality of human interaction is that the bad guys will get in by phone, fax, email, visiting in person. Maybe if we call this a war it will give the users a bit more of a scare. After all the only effective way to teach something like this is to scare the users into compliance.

Re:

[durrr]

Because aggrevating things is the right choice. But please go ahead, I'd love to see china go all pikeman over your high horse and do an economic takedown.
Though most likely they'll just smile and wait it out, the US is so rotten through it's collapse under it's own weight any day now.

Re:

[Mister Whirly]

"Economic takedown"? Taking down the US economy would hurt China as much or more than it would hurt the US itself. Who do you think is the chief exporter of goods into the US? Who do you think owns a good chunk of US companies? Why would China want to cut it's own throat?

Re:

[durrr]

Someone compared the relationship to china being the farmer and the US being the eater.
What could happen is that the US ends up without food where china have to eat what they produce, terrible pain that would inflict yes.

Re:

[couchslug]

Stagdot?

User education

[trolman]

The only way to protect a network is user education. The bad guys will visit in person, call on the phone, email and find a way onto the network. Not even closed networks can be secured. Only a well educated computer user base will work.

What is Spear Phishing ?

[lemur3]

It seems to me that a well edited summary of the story might give us an idea of what Spear Phishing is.. at least, why is it different than normal phishing?

Is it because it has a trojan? What? huh?

help us out a bit here

Re:What is Spear Phishing ?

[cduffy]

It seems to me that a well edited summary of the story might give us an idea of what Spear Phishing is.. at least, why is it different than normal phishing?

Is it because it has a trojan? What? huh?

Spear phishing is different because it's highly targeted.

Happy to help.

Re:

[CapnStank]

Or you know.... google [wikipedia.org]

Re:

[demonbug]

It seems to me that a well edited summary of the story might give us an idea of what Spear Phishing is.. at least, why is it different than normal phishing?

Is it because it has a trojan? What? huh?

help us out a bit here

I wouldn't have thought the term would need explanation on Slashdot, as it is a standard industry term. A "spear phishing" attack is similar to regular phishing, but instead of targeting masses the attack targets specific, high-value individuals. Usually the attacks require a significant amount of research on the part of the attackers.

Re:What is Spear Phishing ?

[HopefulIntern]

Which is why the term is so apt. Fishing is the act of throwing a line out waiting for something to bite (sending unsolicited emails to hundreds and thousands of people and hoping someone will "bite"). Spear fishing requires the identification of a single fish, in the shallow water, and pinning it with a spear. Hence, the precision metaphor.

Re:

[tlhIngan]

It seems to me that a well edited summary of the story might give us an idea of what Spear Phishing is.. at least, why is it different than normal phishing?

It's a form of highly targeted phishing. Think back earlier this year to the RSA hack - how was it done? It was done by someone pretending to be the HR firm RSA uses and writing a pretty damn plausible e-mail that they might get in their inbox and not have second thoughts about (it was sent to their HR person about a list of potential hires).

Basically, i

Re:

[DriedClexler]

Spear phishing is phishing where you exploit specific information about the target to make your messages seem more trustworthy. For example, phishing would just be,

"Hello John_Doe@yahoo.com, it appears you have some bank activity awaiting confirmation, please click on this flaky URL ..."

Spear phishing would be,

"Dear Mr. John H. Doe,

Your account at Citibank [Doe actually has an account there] shows a rejected transaction for your purchase at 6:30 pm at Walmart on Tuesday, the 5th. [Doe actually made a purch

Why is it so easy to infiltrate serious targets?

[satuon]

So all it takes is to send emails to the employees telling them to execute an *.exe file? No wonder the Chinese are able to do it, this thing requires almost no skill, only enough numbers of people churning out emails. I wonder when the Chinese will stop bothering with the malware part, and just ask the employees to upload all the sensitive data.

Re:

[Registered Coward v2]

So all it takes is to send emails to the employees telling them to execute an *.exe file? No wonder the Chinese are able to do it, this thing requires almost no skill, only enough numbers of people churning out emails. I wonder when the Chinese will stop bothering with the malware part, and just ask the employees to upload all the sensitive data.

Actually, you're comment is not that far off the mark. I once was helping a company bring a new product to market, and as part of that would call the potential competitors and ask a whole lot of questions about their products, plans etc. I told them upfront exactly what we were doing - and they still gladly answered my questions. Once I reached the engineers designing the products they would talk my ears off about their product; it also helped that as an engineer I also could talk intelligently with them

Wow, talk about vague

[zill]

The attacks were traced back to a computer system that was a virtual private server (VPS) located in the United States. However, the system was owned by a 20-something male located in the Hebei region in China.

I don't usually overgeneralize, but "20-something male" pretty much describes 99% of the blackhats out there.

Re:

[satuon]

Attacks like this make me wonder why should users even be able to execute *.exe files. I've started to see the point of non-executable partitions in Linux.

Re:

[mjr167]

Because users occasionally need to actually, you know, use the computer to do their job?

Re:

[Culture20]

"Attacks like this make me wonder why should users even be able to execute *.exe files [in user writable space like \users\ or \temp\]. I've started to see the point of non-executable partitions in Linux."
Fixed for GP. It's pretty easy to set /home/ noexec on a linux machine and allow users to only run programs installed by the sysadmin. Still not perfect, but it would prevent a huge portion of malware out there now.

Re:

[satuon]

I meant they shouldn't be able to execute files that are not put there by the admin. That's what non-executable partitions are in Linux. Your root partition is executable, but your home partition is not. Your browser, word processor, etc. are in the executable partition so you can execute them. But if someone sent you an executable file you have to put it in your own home partition, and you can't execute it from there. And you can't move it to the root partition, because you don't have write permissions.

Re:

[93 Escort Wagon]

All email is Text you AC moron.

Technically correct, but misses the point and intent entirely. In other words, a typical Slashdot post. Well done!

Those companies chose to run Windows.

[couchslug]

That choice means they don't care about security. Ridicule is perfectly appropriate in this case.

Re:

[Anonymous Coward]

Which part of 'Trojan' do you not understand?

Given the venue, "How to put one on," seems like the appropriate answer to that question.

Good PR Move

[Gyorg_Lavode]

Is it just me, or did Symantec take a normal spear phishing attack, by the usual suspects, with the usual tools, and turn it into an advertisement? They gave it a name, wrote a paper on it, made sure it was clear CHEMICALS were involved, and then sent it to the news outlets. I guess this is only to be expected given how much publicity they got from their stuxnet and duqu analysis. Oh well. *sigh*