Symantec Corp has revealed that a coordinated cyber attack targeted at least 48 chemical and defense companies in the US, Bangladesh and the UK. The source of the attack has been traced to a man in China, according to the report.
Computers at each company were hit with a software tool known as “PoisonIvy”, a readily available Remote Access Trojan that facilitated the theft of information including design documents, formulas and details about manufacturing processes.
Symantec didn’t name the companies affected but it did say that several of them were Fortune 100 corporations. Additionally, 29 victims were chemical companies and some of those affected develop advanced materials used by the military. The attacks were carried out from July through mid-September.
The security firm believes the attacks are industrial espionage, essentially an attempt to collect sensitive material to give competitors an advantage. The suspected attacker has been given the nickname Covert Grove and is believed to be responsible for attacks on human-rights groups and the automotive industry in April and May. The chemical campaign, dubbed the “Nitro” attacks, was traced to a man in his 20s in Hebei province in northern China.
"We are unable to determine if Covert Grove is the sole attacker or if he has a direct or only indirect role," said Symantec in a published report. "Nor are we able to definitively determine if he is hacking these targets on behalf of another party or multiple parties."
PoisonIvy was sent by email to multiple recipients at each company, in an attachment that installed the program without the recipient's knowledge. The email was forged to look as if it came from an established business partner or was an essential security update.