At least 48 major chemical and defense companies were victims of a coordinated cyber-attack that has been traced to a man in China, according to a new report from security firm Symantec Corp.

Computers belonging to these companies were infected with malicious software known as Poison Ivy, which was used to steal information such as design documents, formulas and details on manufacturing processes, Symantec said on Monday. Although it did not identify the companies, but said they include multiple Fortune 100 corporations that develop compounds and advanced materials, along with businesses that help manufacture infrastructure for these industries.Symantec further added that the victims included 29 chemicals companies, some of which developed advanced materials used in military vehicles.

According to Symantec, these attacks are classified as nitro attacks, whose purpose is industrial espionage, collecting intellectual property for competitive advantage. The cyber campaign ran from late July through mid-September and was traced to a computer system in the United States that was owned by a man in Hebei province in northern China, according to Symantec.

Researchers gave the man the pseudonym Covert Grove based on the literal translation of his name. Although they were able to trace the source of the attacks, Symantec are unable to find out whether Covert Grove was working alone or was a part of a bigger team.

The Nitro campaign is the latest in a series of highly targeted cyber-attacks that security experts say are likely the work of government-backed hackers.

Nitro attackers usually send emails with tainted attachments to between 100 and 500 employees at a company, claiming to be from established business partners or to contain bogus security updates.When an unsuspecting recipient opens the attachment, it installs Poison Ivy, a Remote Access Trojan (RAT) that can take control of a machine and that is easily available over the Internet.While the hackers’ behaviour differed slightly in each case, they typically identified desired intellectual property, copied it and uploaded it to a remote server, Symantec said in its report.

Major chemical companies targeted by cyber attacks

News reported by Adhir Roy Chowdury