UK chemical firms caught up in Chinese spy ring

Firms in the chemicals and defence industries infected via phishing attack from China

At least 14 British companies in the chemical and defence industries have become the victim of a phishing attack launched from China that aimed to pilfer trade secrets.

IT security firm Symantec reported a phishing attack, dubbed Nitro. The attack resulted in multiple Fortune 100 companies being infected with a backdoor Trojan, which was used to send intellectual property to the malware controllers in China.

The attackers targeted companies involved in the development of advanced materials used in military vehicles, as well as non-governmental organisations (NGOs) and firms in the motor industry.

The attackers sent emails containing malware to a carefully selected group of employees at the targeted companies, in an effort to avoid suspicion.

"The use of social networks, such as LinkedIn, makes it relatively easy for attackers to identify people that work for specific companies," said Orla Cox, senior manager at Symantec's security response unit.

The Trojan-containing emails were disguised as invitations to a meeting with a business partner or as a security update. In both cases, the Trojan would be installed on their system if users clicked on the email attachment.

The malware was designed to seek out industrial secrets and send them to a command-and-control system based in the US. According to Symantec, the command-and-control servers were run by at least one individual, whom they called Covert Grove.

"We couldn't characterise this type of attack as being state-sponsored," said Cox, "but they do appear to be launched by people who think they are being patriotic."

News of the attacks comes just a days after the prime minister told the London Conference on Cyberspace that every day the UK government sees attempts to steal its data "on an industrial scale".