A cybercrime gang that primarily targets companies from the chemical industry has launched a new series of attacks that involve malware-laden emails purporting to be from Symantec, the security vendor responsible for exposing its operation earlier this year.
The gang's original industrial espionage campaign, dubbed the Nitro attacks, began sometime in July and lasted until September. The attackers' modus operandi involved sending emails that carried a variant of the Poison Ivy backdoor and were specifically crafted for each targeted company.
Despite being publicly exposed by Symantec in an October report, the gang didn't give up on its plans and, in fact, stuck to many of its techniques.
"The same group is still active, still targeting chemical companies, and still using the same social engineering modus operandi," security researchers from Symantec said in a blog post on Monday.
"That is, they are sending targets a password-protected archive, through email, which contains a malicious executable," they added.
The notable aspect of the gang's new attacks is that they use Symantec's own report to trick victims. One email intercepted by the security company was crafted to appear as if it had been sent by Symantec's technical support department, and it warns recipients that many enterprise computers were infected with Poison Ivy.
The group's primary goal is to steal domain administrator credentials and to gain access to systems that store intellectual property. After identifying the desired intellectual property, the attackers copy it into archives on internal systems used as staging servers, and the content is then uploaded from there to a site outside the compromised organization.