[1][3] Then from July to September another series of breaches occurred with the majority of targets in the chemical and advanced materials industry and the defense sector.
[5][6] The targets seem to have been carefully selected and researched, with spear phishing emails usually going out to only a handful of employees at each company and claiming to be sent from specific business partners or to contain security updates.
[7][4] These emails came with an attachment that infected the user's computer with Poison Ivy, which then allowed attackers to send remote commands and eventually gain access to valuable data.
[3] Unusually for a cybersecurity investigation, researchers were able to trace some attacks back to an individual dubbed Covert Grove who owned a U.S.-based virtual private server involved in the campaign, though he operated from Heibei Province, China.
[4] The man claimed to only use the server for logging into the QQ instant messaging system and investigators were never able to confirm his direct involvement or connection to any other organization.