Symantec was able to question Covert Grove enough to get him to claim he owned the VPS only to give himself a static IP address from which he could access an instant-messaging system popular in China – an explanation the report termed "suspicious" considering the $32/month cost of the VPS, which is quite high for China.
Symantec researchers couldn't figure out if Covert Grove was working on his own or with others.
Chinese government officials have complained about widespread accusations that China is behind a long series of cyber-espionage attacks on various Western countries, claiming that China is hacked at least as often as any other country, and that entrepreneurial individuals and small groups in the increasingly industrialized provinces of China go a-hacking on their own either as hobbies or covert businesses without any involvement with or sanction from the government.
The Symantec report doesn't comment on that, but does say another set of attackers are using the Backdoor.Sogu remote access tool to attack similar companies in the chemical business, using PDF and DOC files rather than meeting invitations or security updates as their cover.
Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld.