
Report: Chinese hackers launched summer offensive on US chemical industry

Chinese hackers sought to steal designs, formulas, and processes from chemical companies in the US and elsewhere, according to a report by cybersecurity firm Symantec. It's the latest example of Chinese hackers targeting a sector of the US economy.

By Staff writer / November 1, 2011

Dozens of chemical companies and other industrial firms worldwide were hit this summer by highly focused cyberattacks controlled by Chinese hackers, according to a new report.


The cyberattacks, which began in July and lasted through mid-September, appeared to be a concerted industrial spying effort targeting proprietary designs, formulas, and manufacturing processes, says the report by Symantec, a computer security firm in Cupertino, Calif. Affected companies included a number of Fortune 100 companies involved in research and development of advanced materials, often for military or industrial purposes.

The campaign is only the most recent in a series of targeted cyberattacks that appear to be linked to government-backed hackers. It fits a pattern in which an informal "cyber militia" takes its marching orders from somewhere within the Chinese hierarchy and proceeds to conduct attacks that are officially deniable, but ultimately a huge drain on the economies of nations whose companies are targeted, say cybersecurity experts.

In this case, the target appeared to be the chemical industry. In the past, it has been the oil industry. And while it is by no means certain that the Chinese government was behind this summer's attacks, the question looms large.

"The question is: Who is 'they'?" writes James Lewis, director of the Technology and Public Policy Program at the Center for Strategic and International Studies (CSIS), a Washington think tank, in an e-mail interview. "The Chinese government encourages economic espionage [for illicit acquisition of technology], but that does not mean it directs all economic espionage."

Altogether, 48 companies in 20 countries were hit in the attacks that Symantec dubbed "Nitro." The firms include 29 in the chemical sector and 19 others mostly concentrated in the defense industry. The United States had the largest number of infected machines, closely followed by Bangladesh and Britain.

To access the corporate computer networks, attackers used a now-familiar "spear-phishing" approach. The tactic involves targeting company officials with access to the information hackers are seeking. The officials are sent e-mails that appear to come from close associates and are encouraged to open an infected file attachment. At a few companies, hundreds of individuals were sent e-mails that claimed to be a necessary security update.

Once the attached file was opened, a trojan horse program called "PoisonIvy" – well known in the hacker world – installed itself, created a backdoor to the network, and began sending messages to a "command and control" server. The attackers also proceeded to identify intellectual property and copy it to other systems prior to exiting the company network.
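The "sending messages to a command and control server" step described above is the part of such an intrusion that network defenders most often catch, because a backdoor checks in on a timer while people browse irregularly. The script below is an added illustration, not part of the Symantec report or the article: it parses a few constructed web-proxy log lines (hostnames, host names and timestamps are made up) and flags source/destination pairs whose connection intervals are suspiciously regular.

```python
"""Added example (not from the article or the Symantec report): flag
beacon-like outbound traffic in web-proxy logs, the periodic "check-in"
a backdoor makes to its command-and-control server. The log lines below
are constructed for illustration; hosts and hostnames are made up."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample, one connection per line: "timestamp src_host dst_host bytes_out"
SAMPLE_LOG = """\
2011-08-02T09:00:00 ws-1042 updates.example-cdn.test 2048
2011-08-02T09:05:01 ws-1042 c2.example-bad.test 412
2011-08-02T09:10:00 ws-1042 c2.example-bad.test 408
2011-08-02T09:14:59 ws-1042 c2.example-bad.test 415
2011-08-02T09:20:02 ws-1042 c2.example-bad.test 410
2011-08-02T09:25:00 ws-1042 c2.example-bad.test 413
2011-08-02T09:30:01 ws-1042 c2.example-bad.test 409
2011-08-02T09:07:12 ws-1042 www.example-news.test 15320
2011-08-02T09:33:48 ws-1042 www.example-news.test 8710
2011-08-02T09:41:05 ws-1042 www.example-news.test 22100
2011-08-02T10:02:30 ws-1042 www.example-news.test 9031
2011-08-02T10:02:31 ws-1042 www.example-news.test 9032
2011-08-02T10:40:00 ws-1042 www.example-news.test 19900
"""


def parse_log(text):
    """Return a list of (datetime, src, dst, bytes_out) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, nbytes = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(nbytes)))
    return records


def find_beacons(records, min_connections=5, max_cv=0.15):
    """Group connections by (src, dst) and measure the gaps between them.

    A low coefficient of variation (stdev / mean) of the gaps, with enough
    samples, means the timing is machine-regular: a beacon candidate.
    Human browsing produces irregular gaps and is left unflagged.
    Thresholds are assumptions to tune per environment."""
    by_pair = defaultdict(list)
    for ts, src, dst, _ in records:
        by_pair[(src, dst)].append(ts)

    findings = {}
    for pair, times in by_pair.items():
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg > 0 else float("inf")
        if cv <= max_cv:
            findings[pair] = {
                "connections": len(times),
                "interval_s": round(avg, 1),
                "cv": round(cv, 3),
            }
    return findings


if __name__ == "__main__":
    for (src, dst), info in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"beacon-like: {src} -> {dst} every ~{info['interval_s']}s "
              f"({info['connections']} hits, cv={info['cv']})")
```

On the constructed sample only the pair talking to `c2.example-bad.test` is flagged (six hits roughly five minutes apart), while the irregular news-site traffic from the same workstation is not. Real deployments usually add a minimum observation window and exclude known update and telemetry hosts, which also check in on timers.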

Ultimately, Symantec traced the attacks to a US-based computer system that was "owned by a 20-something male located in the Hebei region in China." The US researchers dubbed the Chinese suspect "Covert Grove" – a literal translation of his name – and proceeded to get in touch with him. He claimed to control the US machine solely in order to connect with a popular instant messaging system in China.
