Night Dragon hackers smash energy multinationals

Hackers target global energy firms as they seek to gain insider information, McAfee reveals.

Hackers have used a range of techniques in a dedicated attack against global energy companies, a report has indicated.

An unnamed selection of oil, energy and petrochemical firms have been targeted by cyber criminals in attacks that may have started as long ago as 2007, McAfee said.

Under the so-called Night Dragon operation, the attacks appeared to have been coordinated from a central point, the recently-acquired security firm claimed.

The hackers probed the companies for inside information, such as oil and gas production data, potential areas where the multinationals were looking to work and schematics on how systems worked.

McAfee could not reveal any of the specific details about the firms involved, but noted law enforcement had been brought in to investigate.

Whilst the seemingly coordinated attack has been going on for some time, McAfee was only able to "join the dots" in recent weeks, said Greg Day, director of security strategy at McAfee.

"For us visibility has only happened in the last week or so, and I would suspect law enforcement may have only happened once they had a bigger understanding of the problem," Day told IT PRO.

Chinese involvement?

There were a number of indicators that the hackers were from China, although these were not guarantees, Day said.

Firstly, the individual responsible for providing the command and control centre infrastructure was located in the Shandong Province.

McAfee also discovered all of the identified data theft activity occurred from Beijing-based IP addresses and was carried out within the victim companies on weekdays between 09:00 and 17:00 Beijing time.

Furthermore, the hacking tools used in the attacks were of Chinese origin and can be bought together on Chinese underground hacking forums.

Part of the password string to get to the remote access control service contained the word 'China' in it as well, but this could just be a red herring, Day said.

"What seems very evident to us is that they weren't being very careful about covering up their tracks," he added.

"You have to question whether that was an intentional thing or was that accidental."

Whilst it seems the attacks were the doing of a centrally-organised body, members could have been spread across the globe, Day said.
