McAfee Foundstone Professional Services and McAfee Labs have revealed continuing cyber attacks against global oil, energy and petrochemical companies.
The attacks, dubbed Night Dragon, started in November 2009. According to the firms, they originate primarily in China, and the researchers have also identified the tools, techniques, and network activities used in the continuing attacks.
The covert and targeted cyber attacks involved social engineering, spearphishing attacks, exploitation of Microsoft Windows operating system vulnerabilities, Microsoft Active Directory compromises, and the use of remote administration tools (RATs).
The attacks' main goal was to harvest sensitive, competitive proprietary operations and project-financing information relating to oil and gas field bids and operations.
The Night Dragon attacks proceed as methodical, progressive intrusions into the targeted infrastructure: the attackers first compromise extranet web servers through SQL-injection techniques, then upload commonly available hacker tools to the compromised servers, and use those tools to gain access to company intranets.
From there, the attackers used password cracking and hash interception tools to harvest more usernames and passwords for increased access to sensitive layers of desktops and servers.
Eventually, the attacks targeted executive machines to extract email archives and other sensitive documents.
While originating from China, these attacks leveraged command-and-control servers on purchased hosted services in the United States and compromised servers in the Netherlands.
Global oil, gas, and petrochemical companies were the targets, as were individuals and executives in Kazakhstan, Taiwan, Greece, and the United States, with the aim of acquiring proprietary and highly confidential information.
The McAfee whitepaper [http://www.mcafee.com/us/resources/white-papers/wp-global-energy-cyberattacks-night-dragon.pdf] provides more information on these attacks and detection methods.