Symantec recently discovered an industrial espionage campaign against 29 chemical companies around the world that lasted from late July to mid-September this year. The attackers duped people into installing the Poison Ivy trojan with bogus emails containing "critical updates" as attachments. Once a system was compromised, they dumped passwords and roamed the network, infecting additional computers and copying information about advanced military materials and industrial infrastructure. It's particularly sad because Poison Ivy isn't hard to detect with standard antivirus software; an ounce of prevention would have gone a long way.
Symantec found 101 IP addresses with infected traffic and traced the source to a virtual server in the United States belonging to a young man in China whom they called Covert Grove, a transliteration of his Chinese name. He said he rented the server for $32 a month solely to gain a static IP address for use with a popular IM program in China. Symantec couldn't determine whether Covert Grove was affiliated with anyone else but remained suspicious, noting that he immediately recommended a hacker-for-hire when asked about his skills. The true identity of the reference is still unknown. This isn't the first time we've seen industrial hacking, and with the SEC now requiring companies to disclose these cyber attacks, it probably won't be the last.