
Spear Phishing Campaign Hits Dozens of Chemical, Defense Firms

Posted by timothy
from the if-you'd-just-please-open-your-loading-dock dept.
Orome1 writes "Nearly 50 (and quite possibly more) companies in the chemical, defense, and other sectors have been hit with a spear phishing campaign carrying a backdoor Trojan with the ultimate goal of exfiltrating R&D and manufacturing information, revealed Symantec in a newly released report. The attacks against these companies started in late July 2011 and lasted until the middle of September 2011, but the attackers are thought to be the same ones who targeted human rights related NGOs and companies in the motor industry in May." Here's a link to the report itself (PDF).

  • It's time to recognise that the West is in another Cold War with China. The steps taken to keep industrial information out of Soviet hands crimped trade and imposed costly burdens on US business, but they were at least somewhat effective. Let's try to do better, but for fuck's sake let's do something! How about starting by dropping all packets from China at the border? If nothing else it ought to get their attention.

    • by Anonymous Coward

      Let me refresh your memory... http://youtu.be/83tnWFojtcY [youtu.be]

      People used to listen to me!!

    • by hedwards (940851) on Tuesday November 01, 2011 @11:46AM (#37908464)

      Because, we're not going to win this cold war if we're not providing easy access to our culture. Soft power has done far more for the US' standing in the world than our willingness to spend every last cent on pointless military endeavors.

    • by trolman (648780) *
      Blocking the bad country IP ranges will not work. The bad guys simply buy botnets or hosting. User education is the only real fix. From a technical point of view I would love to protect the network from everything. But the reality of human interaction is that the bad guys will get in by phone, fax, email, visiting in person. Maybe if we call this a war it will give the users a bit more of a scare. After all the only effective way to teach something like this is to scare the users into compliance.
    • by durrr (1316311)
      Because aggravating things is the right choice. But please go ahead, I'd love to see China go all pikeman over your high horse and do an economic takedown.
      Though most likely they'll just smile and wait it out, the US is so rotten through it'll collapse under its own weight any day now.
      • "Economic takedown"? Taking down the US economy would hurt China as much or more than it would hurt the US itself. Who do you think is the chief exporter of goods into the US? Who do you think owns a good chunk of US companies? Why would China want to cut its own throat?
        • by durrr (1316311)
          Someone compared the relationship to China being the farmer and the US being the eater.
          What could happen is that the US ends up without food where China has to eat what they produce, terrible pain that would inflict yes.
  • The only way to protect a network is user education. The bad guys will visit in person, call on the phone, email and find a way onto the network. Not even closed networks can be secured. Only a well educated computer user base will work.
  • by lemur3 (997863) on Tuesday November 01, 2011 @11:49AM (#37908520)

    It seems to me that a well edited summary of the story might give us an idea of what Spear Phishing is.. at least, why is it different than normal phishing?

    Is it because it has a trojan? What? huh?

    help us out a bit here

    • by cduffy (652) <charles+slashdot@dyfis.net> on Tuesday November 01, 2011 @11:52AM (#37908546)

      It seems to me that a well edited summary of the story might give us an idea of what Spear Phishing is.. at least, why is it different than normal phishing?

      Is it because it has a trojan? What? huh?

      Spear phishing is different because it's highly targeted.

      Happy to help.

    • Or you know.... google [wikipedia.org]
    • by demonbug (309515)

      It seems to me that a well edited summary of the story might give us an idea of what Spear Phishing is.. at least, why is it different than normal phishing?

      Is it because it has a trojan? What? huh?

      help us out a bit here

      I wouldn't have thought the term would need explanation on Slashdot, as it is a standard industry term. A "spear phishing" attack is similar to regular phishing, but instead of targeting masses the attack targets specific, high-value individuals. Usually the attacks require a significant amount of research on the part of the attackers.

      • by HopefulIntern (1759406) on Tuesday November 01, 2011 @12:59PM (#37909262)
        Which is why the term is so apt. Fishing is the act of throwing a line out waiting for something to bite (sending unsolicited emails to hundreds and thousands of people and hoping someone will "bite"). Spear fishing requires the identification of a single fish, in the shallow water, and pinning it with a spear. Hence, the precision metaphor.
    • by tlhIngan (30335)

      It seems to me that a well edited summary of the story might give us an idea of what Spear Phishing is.. at least, why is it different than normal phishing?

      It's a form of highly targeted phishing. Think back earlier this year to the RSA hack - how was it done? It was done by someone pretending to be the HR firm RSA uses and writing a pretty damn plausible e-mail that they might get in their inbox and not have second thoughts about (it was sent to their HR person about a list of potential hires).

      Basically, i

    • Spear phishing is phishing where you exploit specific information about the target to make your messages seem more trustworthy. For example, phishing would just be,

      "Hello John_Doe@yahoo.com, it appears you have some bank activity awaiting confirmation, please click on this flaky URL ..."

      Spear phishing would be,

      "Dear Mr. John H. Doe,

      Your account at Citibank [Doe actually has an account there] shows a rejected transaction for your purchase at 6:30 pm at Walmart on Tuesday, the 5th. [Doe actually made a purch

  • by satuon (1822492) on Tuesday November 01, 2011 @11:57AM (#37908606)

    So all it takes is to send emails to the employees telling them to execute an *.exe file? No wonder the Chinese are able to do it, this thing requires almost no skill, only enough numbers of people churning out emails. I wonder when the Chinese will stop bothering with the malware part, and just ask the employees to upload all the sensitive data.

    • So all it takes is to send emails to the employees telling them to execute an *.exe file? No wonder the Chinese are able to do it, this thing requires almost no skill, only enough numbers of people churning out emails. I wonder when the Chinese will stop bothering with the malware part, and just ask the employees to upload all the sensitive data.

      Actually, your comment is not that far off the mark. I once was helping a company bring a new product to market, and as part of that would call the potential competitors and ask a whole lot of questions about their products, plans etc. I told them upfront exactly what we were doing - and they still gladly answered my questions. Once I reached the engineers designing the products they would talk my ears off about their product; it also helped that as an engineer I also could talk intelligently with them

  • The attacks were traced back to a computer system that was a virtual private server (VPS) located in the United States. However, the system was owned by a 20-something male located in the Hebei region in China.

    I don't usually overgeneralize, but "20-something male" pretty much describes 99% of the blackhats out there.

  • by couchslug (175151) on Tuesday November 01, 2011 @02:41PM (#37910542)

    That choice means they don't care about security. Ridicule is perfectly appropriate in this case.

  • Is it just me, or did Symantec take a normal spear phishing attack, by the usual suspects, with the usual tools, and turn it into an advertisement? They gave it a name, wrote a paper on it, made sure it was clear CHEMICALS were involved, and then sent it to the news outlets. I guess this is only to be expected given how much publicity they got from their stuxnet and duqu analysis. Oh well. *sigh*
