A dozen of the targeted organizations were U.S.-based, said Symantec, while five were headquartered in Britain and others in Denmark, Italy, the Netherlands and Japan.
The attack campaign, tagged "Nitro" by Symantec, started last July and continued until mid-September, targeting an unknown number of companies and infecting at least 48 firms with the "Poison Ivy" remote-access Trojan.
In a published paper, Symantec researchers detailed their analysis of the Nitro attacks and the use of Poison Ivy.
“Nitro wasn’t at the level of sophistication of a Stuxnet,” said Jeff Wilhelm, a senior researcher with Symantec’s security response, “but there are similarities with other advanced threats.”
Among those common traits, added Wilhelm, was the attack’s narrow focus.
Poison Ivy was planted on Windows PCs whose owners fell for a dodge delivered via email, said Symantec.
Those emails, which were delivered in small numbers, were presented as meeting requests from reputable business partners or, in some cases, as updates to antivirus software or Adobe Flash Player.
When users fell for the trick and opened the message attachment, they unknowingly installed Poison Ivy on their computers.
Then the attackers were able to issue instructions to the compromised computers, troll for higher-level passwords to gain access to servers hosting confidential information, and eventually offload the stolen content to hacker-controlled systems.
Twenty-nine out of the 48 firms that were successfully attacked were in the chemical and advanced materials trade — some of the latter with connections to military vehicles — while the other 19 were in a variety of fields, including the defense sector.