4 Dozen Companies Hacked by a Chinese Hacker

It seems that the person in question has a lot of free time. Almost 50 chemical and defense organizations became victims of a coordinated hacker attack, which was traced back to a single person residing in China.

Worldwide-known security firm Symantec revealed that systems belonging to the attacked companies had been infected with malicious software the security experts called “PoisonIvy”. The software was designed to steal data such as formulas, design documents, and various other details of manufacturing processes.

As for the targets, a number of corporations listed in the Fortune 100 suffered the attack. These companies develop compounds and advanced materials for the chemical and defense industries. Symantec confirmed that the majority of the malware’s victims were located in Britain and America.

Although all of the attacks appeared to be purely industrial espionage, there was an interesting fact in this campaign – it turned out that the attacks came from a computer system owned by a person in his 20s who resides in Hebei province in northern China. This man used an online pseudonym which could be literally translated as “Covert Grove”. Meanwhile, Symantec has already found evidence that the same “command and control” servers used to control the malware and harvest information in this campaign had also been used to launch attacks on various human-rights groups since this past spring.

At the moment, it’s impossible to say for sure whether Covert Grove operates alone or has been used as an intermediary and therefore plays only an indirect role. In addition, Symantec also couldn’t confirm that the individual in question is a hired gun working on behalf of another party – in particular, it may be the Communist Party. The security firm confirmed that the individual’s standard method of attack was to send emails with tainted attachments. The messages were sent to several hundred employees of a targeted company. The emails made their way into the system by pretending to be from established business partners or by claiming to contain security updates. Once the victims opened the attachments, they installed the “PoisonIvy” malware, which turned out to be a Remote Access Trojan able to take control of a computer.