More than 48 hacks tracked to one man in China
At least, we assume he was not married
01 Nov 2011 10:22 | by Edward Berridge
More than 48 chemical and defence companies were victims of a coordinated cyber attack that has been traced to one man in China.
Insecurity outfit Symantec found that systems belonging to the hacked outfits were infected with malicious software known as "PoisonIvy." It was designed to steal information such as design documents, formulas and details on manufacturing processes.
Several Fortune 100 corporations that develop compounds and advanced materials were among those hacked. Most of the victims were in the United States and United Kingdom, Symantec said.
The attacks appear to be entirely for industrial espionage, but what is interesting is that they all came from a computer system that was owned by a man in his 20s in Hebei province in northern China.
A literal translation of the guy's pseudonym was "Covert Grove", and Symantec found proof that the same "command and control" servers used to control and mine data in this campaign were also used in attacks on human-rights groups from late April.
At this point it is not possible to tell if Mr Grove is a lone gunman or if he has only an indirect role.
Symantec also could not rule out that Grove is a hired gun working on behalf of another party, particularly, we guess, the Communist Party.
The standard method of attack was to send emails with tainted attachments to between 100 and 500 employees at a company, claiming to be from established business partners or to contain bogus security updates.
When a victim opens the attachment, it installs "PoisonIvy", a Remote Access Trojan used to take control of the machine.