Chinese Nitro hacker attacked UK, US chemical companies

At least 48 chemical and defence companies, most of them in the US and UK, were hit by a cyber-attack traced to a man in China, according to security firm Symantec.

A piece of malware known as PoisonIvy was used to infect computer systems at the firms - which include a number of businesses in the Fortune 100 list - and to steal industrial secrets, claims the report (PDF). Twenty-nine of the companies are in the chemicals industry, including firms that develop advanced materials for military vehicles.

"The purpose of the attacks appears to be industrial espionage, collecting intellectual property for competitive advantage," Symantec said in the white paper.

The campaign of cyber-attacks, nicknamed 'Nitro' by Symantec, ran from late July to mid-September. It was traced to a US-based computer owned by a man in his 20s from Hebei province in northern China, whom researchers nicknamed 'Covert Grove', based on a literal translation of his name.

Further research linked the 'command and control' servers used to co-ordinate the attack to earlier attacks against human rights groups, which ran from late April to early May.

"We are unable to determine if Covert Grove is the sole attacker or if he has a direct or only indirect role," said Symantec. "Nor are we able to definitively determine if he is hacking these targets on behalf of another party or multiple parties."

The Nitro attacks are the latest in a series of campaigns that security researchers claim are the work of state-sponsored hackers. In an interview with thinq_ last month, Greg Hoglund, CEO of US security contractor HBGary, claimed that China was waging a "new Cold War" against the West online.