Nearly 50 (and quite possibly more) companies in the chemical, defense, and other sectors have been hit with a spear phishing campaign carrying a backdoor Trojan with the ultimate goal of exfiltrating R&D and manufacturing information, revealed Symantec in a newly released report.
The attacks against these companies started in late July 2011 and lasted until the middle of September 2011, but the attackers are though to be the same ones who targeted human rights related NGOs and companies in the motor industry in May.
The campaign was code-named Nitro by the researchers because of the attackers’ focus on information about chemical compounds and various advanced materials used by the military. All in all, nearly 100 computers – mostly located in the U.S., Bangladesh and the U.K. – have been infected, belonging to mostly to U.S. and U.K. companies.
The attacks predictably started with specially crafted emails sent to employees of these companies. In some companies only a few of them were targeted, in others almost 500. When the recipients were many, the email usually purported to be a security update; when the recipients were few, emails took the form of meeting invitations from business partners.
via Help Net Security, continued here.