Chemical biz 'Nitro' hackers use Java to coat PCs in poison ivy

Chinese spying crew is back in business


The crew behind last year's "Nitro" industrial espionage attacks are among hackers exploiting the two potent Java security vulnerabilities patched this week.

The team, which attempted to lift sensitive blueprints from companies by compromising workers' computers, is now using holes in Oracle's software to install Poison Ivy on victims' Windows machines, Symantec reports. A malicious Java applet bypasses security checks to execute the Poison Ivy malware that opens a backdoor on infected PCs to allow a remote malicious user to gain control of the system.

The latest wave of attacks rely on the same command servers and involve components with the same file names as last year's assault, which targeted chemical industry giants and defence contractors. A 20-something Chinese bloke dubbed Covert Grove was accused by Symantec [PDF] of being involved in that 2011 campaign as the attacks were traced back to his server. There's more on the Nitro attack in this analysis by Trend Micro.

Now that source code exploiting the new Java vulnerabilities is in the wild, it won't just be the Nitro team seizing upon it to execute arbitrary software on victims' machines. For example, code taking advantage of the holes has been added to the BlackHole exploit tool kit, which infects vulnerable computers when a punter visits a booby-trapped web page.

In addition, Sophos has intercepted spam emails purporting to be from the Dutch branch of the accountancy firm BDO Stoy Hayward that attempt to trick marks into running the Java attack code. The dodgy emails, which unusually include the exploit script in the body of messages, pose as communiques in Dutch about a rise in tax rates. ®

Similar topics


Other stories you might like

  • Boeing's Starliner capsule corroded due to high humidity levels, NASA explains, and the spaceship won't fly this year

    Meanwhile Elon's running orbital tourist trips and ISS crew missions

    Boeing’s CST-100 Starliner capsule, designed to carry astronauts to and from the International Space Station, will not fly until the first half of next year at the earliest, as the manufacturing giant continues to tackle an issue with the spacecraft’s valves.

    Things have not gone smoothly for Boeing. Its Starliner program has suffered numerous setbacks and delays. Just in August, a second unmanned test flight was scrapped after 13 of 24 valves in the spacecraft’s propulsion system jammed. In a briefing this week, Michelle Parker, chief engineer of space and launch at Boeing, shed more light on the errant components.

    Boeing believes the valves malfunctioned due to weather issues, we were told. Florida, home to NASA’s Kennedy Space Center where the Starliner is being assembled and tested, is known for hot, humid summers. Parker explained that the chemicals from the spacecraft’s oxidizer reacted with water condensation inside the valves to form nitric acid. The acidity corroded the valves, causing them to stick.

    Continue reading
  • Research finds consumer-grade IoT devices showing up... on corporate networks

    Considering the slack security of such kit, it's a perfect storm

    Increasing numbers of "non-business" Internet of Things devices are showing up inside corporate networks, Palo Alto Networks has warned, saying that smart lightbulbs and internet-connected pet feeders may not feature in organisations' threat models.

    According to Greg Day, VP and CSO EMEA of the US-based enterprise networking firm: "When you consider that the security controls in consumer IoT devices are minimal, so as not to increase the price, the lack of visibility coupled with increased remote working could lead to serious cybersecurity incidents."

    The company surveyed 1,900 IT decision-makers across 18 countries including the UK, US, Germany, the Netherlands and Australia, finding that just over three quarters (78 per cent) of them reported an increase in non-business IoT devices connected to their org's networks.

    Continue reading
  • Huawei appears to have quenched its thirst for power in favour of more efficient 5G

    Never mind the performance, man, think of the planet

    MBB Forum 2021 The "G" in 5G stands for Green, if the hours of keynotes at the Mobile Broadband Forum in Dubai are to be believed.

    Run by Huawei, the forum was a mixture of in-person event and talking heads over occasionally grainy video and kicked off with an admission by Ken Hu, rotating chairman of the Shenzhen-based electronics giant, that the adoption of 5G – with its promise of faster speeds, higher bandwidth and lower latency – was still quite low for some applications.

    Despite the dream five years ago, that the tech would link up everything, "we have not connected all things," Hu said.

    Continue reading

Biting the hand that feeds IT © 1998–2021