In October of 2011 Symantec discovered the Nitro Attacks, a series of spearphishing emails that installed command and control software to steal intellectual property from chemical companies.
Symantec is now reporting on a new series of Nitro Attacks. In the first round of Nitro Attacks, the hackers sent highly targeted emails which delivered a malicious attachment. Symantec has found:
In these latest attacks, the attackers have developed a somewhat more sophisticated technique. They are using a Java zero-day, hosted as a .jar file on websites, to infect victims. As in the previous documented attacks, the attackers are using Backdoor.Darkmoon, re-using command-and-control infrastructure, and even re-using file names such as “Flash_update.exe”. It is likely that the attackers are sending targeted users emails containing a link to the malicious jar file. The Nitro attackers appear to be continuing with their previous campaign.
Spearphishers deceive by masquerading as trusted senders. SP Guard from Iconix provides the ability to distinguish real email from spearphishing attacks. Click here to learn more. You can contact us at 408-727-6342, ext 3 or use our online form.