Chinese Hackers Target Chemical Companies

The attack ran from late July to mid-September and appeared to be aimed at collecting intellectual property for competitive advantage, reported Symantec, which code-named the attack Nitro, because of the chemical industry targets. Hackers went after 29 chemical companies and 19 other businesses that made advanced materials primarily used in military vehicles.

The attackers were the same Chinese group that targeted human rights organizations from late April to early May and the U.S. auto industry in late May. China and the U.S. have accused each other of industrial espionage for some time. China, which leads the world in the number of people online, is a hotbed for Internet crime, according to experts. The country has often been accused of cyber spying, which the government denies, while claiming to also be a target.

The latest attack involved sending e-mails that were often disguised as security updates or meeting invitations from business partners. Recipients who clicked on an attachment sent with the message would unknowingly install a common Trojan that would make their computers accessible to hackers. The malware, called PoisonIvy, was developed by a Chinese speaker, according to Symantec.

An infected computer could open a corporate network up to the attackers, who could then search for administrator credentials to gain access to systems storing intellectual property, which could then be uploaded to a remote server. The majority of infected computers, roughly five dozen, were reported in the U.S., Bangladesh, and the U.K., Symantec says.

The security vendor traced the origin of the attacks to a 20-something male in the central province of Hebei, China. Symantec dubbed the man Covert Grove, based on a literal translation of his name. The man trained in network security at a vocational school.

When asked about his hacking skills, the man provided a contact that would perform “hacking for hire,” Symantec said. The vendor couldn’t determine whether the contact was an alias or another person, or whether Covert Grove was the sole attacker or played a direct or indirect role. Symantec also didn’t know whether the man was hacking on behalf of another party or multiple parties.

Symantec is only the latest security vendor to report cyber industrial espionage originating from China. Rival McAfee reported in February persistent attacks from the Asian country against global oil, energy and petroleum companies.

Google shuttered its search engine in China last year, complaining of cyber attacks. In June of this year, Google claimed China was the source of a sophisticated phishing attack targeting high-profile Gmail account holders, including U.S. government officials. Chinese officials denied the allegations.