This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at http://www.guardian.co.uk/technology/2012/aug/30/java-exploit-asian-hackers-says-symantec

The article has changed 4 times. There is an RSS feed of changes available.

Java exploit: Asian hackers behind first attacks, says Symantec
'Nitro' gang said to be behind first attacks using a zero-day Java flaw to spread malware
An Asian hacker group dubbed "Nitro", because its previous targets include chemicals manufacturing companies, was behind the first attacks to exploit a flaw in Oracle's Java software, says the security company Symantec.
Although little is known about the group, it is thought that they did not discover the flaw themselves but may have bought it from a commercial group that specialises in selling details of "zero-day" flaws in software. Such flaws can be used to penetrate commercial or government systems even when those systems are fully patched, because no fix for the flaw yet exists.
"We can confirm that some of the attackers behind this latest round of attacks are actually the Nitro gang," Symantec says.
Orla Cox, senior manager for security response, told the Guardian that the gang had first been spotted online in October 2011, using a command server located in Singapore that was used to control the siphoning of information from 29 US, UK and Bangladesh-based chemical manufacturing companies, many listed on the stock market. She declined to name them, citing customer confidentiality.
The latest attacks, which have led to widespread advice that users should disable Java on their browsers, were spotted last week.
But Cox said that new evidence collected by Symantec indicated that the Nitro group had been sending targeted emails, again to chemicals companies, since 22 August – before the vulnerability was spotted by security researchers.
The emails contained a link which, if clicked, took users to websites that exploited the flaw in Java to load malware onto their machines. The malware left each machine open to surreptitious remote control, so that information on it or its network could be siphoned off to the gang.
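The chain just described (a link in a targeted email, a landing page that serves Java content, a dropped executable, then regular check-ins to a command server) is something a defender can look for in web proxy logs. The following script is an added example and is not part of the Guardian article or Symantec's analysis; its log lines, domains and addresses are constructed (the landing host is an example.net placeholder and the command server sits in the RFC 5737 documentation range), and the log format, the 30-minute window and the beacon test are assumptions chosen for illustration.

```python
"""Triage of a phishing-link -> Java drive-by -> beaconing chain in proxy logs.

Added example, not code from the article or from Symantec. All hosts,
addresses and log lines below are constructed; the format is an assumed
'time client method url content-type' layout, not a specific proxy product.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed sample log (not real traffic). Client 10.1.1.23 follows the whole
# chain; 10.1.1.41 opens the landing page but loads no Java; 10.1.1.58 fetches
# a legitimate jar from an unrelated site and should not be flagged.
PROXY_LOG = """\
2012-08-22T09:14:02 10.1.1.23 GET http://mail.example.com/inbox text/html
2012-08-22T09:15:10 10.1.1.23 GET http://update-portal.example.net/news.html text/html
2012-08-22T09:15:11 10.1.1.23 GET http://update-portal.example.net/cache/ap.jar application/java-archive
2012-08-22T09:15:13 10.1.1.23 GET http://update-portal.example.net/cache/bin.exe application/octet-stream
2012-08-22T09:16:00 10.1.1.23 POST http://198.51.100.7/ping.php text/plain
2012-08-22T09:21:00 10.1.1.23 POST http://198.51.100.7/ping.php text/plain
2012-08-22T09:26:00 10.1.1.23 POST http://198.51.100.7/ping.php text/plain
2012-08-22T09:30:00 10.1.1.41 GET http://docs.example.com/report.pdf application/pdf
2012-08-22T09:31:00 10.1.1.41 GET http://update-portal.example.net/news.html text/html
2012-08-22T10:02:00 10.1.1.58 GET http://cdn.example.com/lib/app.jar application/java-archive
"""

# MIME types a browser Java plugin fetches; a URL ending in .jar/.class is also treated as Java.
JAVA_TYPES = {"application/java-archive", "application/x-java-applet", "application/x-java-vm"}

# Landing hosts taken from the phishing email itself (constructed placeholder here).
PHISHING_HOSTS = {"update-portal.example.net"}


def parse_log(text):
    """Turn the assumed five-field log lines into dicts with a parsed timestamp and host."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, method, url, ctype = line.split()
        entries.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S"),
            "client": client, "method": method, "url": url,
            "host": urlparse(url).hostname, "ctype": ctype,
        })
    return entries


def is_java_fetch(entry):
    """True if the request pulled Java content, by MIME type or by file extension."""
    return entry["ctype"] in JAVA_TYPES or entry["url"].lower().endswith((".jar", ".class"))


def find_beacons(events, min_hits=3, tolerance=timedelta(seconds=30)):
    """Hosts receiving at least min_hits POSTs at near-constant spacing (assumed beacon signature)."""
    by_host = defaultdict(list)
    for e in events:
        if e["method"] == "POST":
            by_host[e["host"]].append(e["ts"])
    beacons = {}
    for host, times in by_host.items():
        if len(times) < min_hits:
            continue
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        if max(gaps) - min(gaps) <= tolerance:
            beacons[host] = len(times)
    return beacons


def find_chains(entries, phishing_hosts, window=timedelta(minutes=30)):
    """Per client: landing-page visit, then Java fetch, dropped binaries and beacons within the window."""
    per_client = defaultdict(list)
    for e in entries:
        per_client[e["client"]].append(e)
    chains = {}
    for client, events in per_client.items():
        events.sort(key=lambda e: e["ts"])
        landing = next((e for e in events if e["host"] in phishing_hosts), None)
        if landing is None:
            continue
        after = [e for e in events if landing["ts"] <= e["ts"] <= landing["ts"] + window]
        java = next((e for e in after if is_java_fetch(e)), None)
        if java is None:
            continue  # opened the page, but no Java content loaded: likely Java disabled or patched
        post_java = [e for e in after if e["ts"] > java["ts"]]
        chains[client] = {
            "landing": landing["url"],
            "java": java["url"],
            "dropped": [e["url"] for e in post_java if e["ctype"] == "application/octet-stream"],
            "beacons": find_beacons(post_java),
        }
    return chains


if __name__ == "__main__":
    for client, chain in find_chains(parse_log(PROXY_LOG), PHISHING_HOSTS).items():
        print(client, chain)
```

Only the client that loaded Java content after visiting the landing page is reported, together with the binary it then downloaded and the host it began checking in to; the user who merely opened the page, and the unrelated legitimate jar download, are left out. The beacon test is deliberately simple and would miss jittered check-ins, which is why the Java fetch following a known phishing link is the stronger signal.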
"They haven't used a zero-day attack before, which indicates that they don't as a group have that expertise," Cox said.
She said that suggests that they acquired it commercially rather than discovering it themselves.
Zero-day flaws are a burgeoning commercial field in the underground hacker economy where some gangs work to order for commercial or government clients which want to break into systems.
Discovering them can take a long time and special expertise; deploying them tends to require much less skill.
Symantec said it could not identify the Nitro gang's location, as the Singaporean command computer could be controlled from anywhere in the world.
But it seemed likely, said Cox, that the gang is based somewhere in the region.