It is reported that the information might have been collected via infected USB drives.
The malware is then thought to have created a secret folder on the drives where it stored documents. As soon as a drive was plugged into a computer connected to the internet, the malware sent the files to specific IP addresses.
Although those IP addresses were reportedly traced to China, an analyst from security firm Sophos warned against reading too much into the detail.
"Even if a hack is traced back to a Chinese IP address, it doesn't necessarily mean that Chinese hackers are behind the hack," Graham Cluley, senior technology consultant, told the BBC.
"It's very hard to prove who is behind an attack because hackers can hijack computers on the other side of the world and get them to do their dirty work for them. In fact, they often do this to cover their tracks.
"Finding the 'smoking gun' evidence of who was behind a particular internet attack is, for this reason, often very hard to find."