February 10, 2011

‘Night Dragon’ cyber attacks hit global energy companies

McAfee outlines 'unsophisticated' Chinese hacks

By Steve Evans

Security firm McAfee has revealed details of large-scale cyber attacks launched against global energy companies, specifically in the oil and gas industries.

Starting in November 2009, the attacks targeted proprietary operations and project-financing information on oil and gas field bids and operations. McAfee said the highly sensitive nature of these bids can make or break multi-billion dollar bids.

McAfee has dubbed the attacks "Night Dragon" and claims they are likely to have originated in China. "The tools, techniques, and network activities used in these attacks originate primarily in China. These tools are widely available on the Chinese Web forums and tend to be used extensively by Chinese hacker groups," wrote CTO George Kurtz on the firm’s blog.

Hackers used a combination of vectors to access the systems, including social engineering, spear-phishing, Windows exploits, Active Directory compromises, and the use of remote administration tools (RATs).

"While the list above may seem impressive to the layperson, these methods and tools are relatively unsophisticated," warned Kurtz. "The tools simply appear to be standard host administration techniques that utilise administrative credentials. This is largely why they are able to evade detection by standard security software and network policies."

A white paper released by McAfee goes into more detail about the hacks. The attacks began with a SQL-injection technique, which compromised external web servers. Common hacking tools were then used to access intranets, giving attackers access to internal servers and desktops. Usernames and passwords were then harvested and, after disabling Internet Explorer proxy settings, hackers were able to establish direct communication from infected machines to the Internet.


Kurtz went on to explain that attacks similar to this are increasing in number. "Well-coordinated, targeted attacks such as Night Dragon, orchestrated by a growing group of malicious attackers committed to their targets, are rapidly on the rise," he wrote. "These targets have now moved beyond the defence industrial base, government, and military computers to include global corporate and commercial targets."

"More and more, these attacks focus not on using and abusing machines within the organisations being compromised, but rather on the theft of specific data and intellectual property," he added. "Focused and efficient define the very essence of today’s attackers.
"[It] is a clear example of how cybercrime has evolved from something of a hobbyist affair to a very professional activity."
