Researchers at security management company AlienVault are tracking the moves of a highly skilled espionage group, likely nation-state backed and operating out of China, that is targeting two U.S. manufacturers of solar panels.
In an interview this week with SCMagazine.com at the RSA Conference in San Francisco, Jaime Blasco, the company's lab director, said AlienValult soon will release detailed research about these hacking operations, which are seeking to steal things like design documents. He said the rootkit-like malware being used is complex and particularly difficult to locate.
"It's installing on the kernel level," he said, adding that it doesn't contain configuration data of the command-and-control server with which it communicates.
And the malware is custom built for this particular market sector, which makes it more difficult to battle than other so-called advanced persistent threats, Blasco said.
"If it's not targeting a wide range of industries, it's much, much more difficult to generate signatures," he said. By comparison, the Chinese military hacker unit outed by Mandiant in a recent report cast a much wider net and was easier to study after it successfully infiltrated 141 companies representing an assortment of verticals.
The high-growth energy space is one of the most sought-after industries by foreign espionage groups. Blasco said. One of the two solar panel makers is aware they've been targeted and compromised, but he declined to name either of them.
According to the Solar Energy Industries Association, the total installed capacity of solar energy rose to 1,992 megawatts in the third quarter of 2012, a new record.