Night Dragon hackers smash energy multinationals
Hackers target global energy firms as they seek to gain insider information, McAfee reveals.
Hackers have used a range of techniques in a dedicated attack against global energy companies, a report has indicated.
An unnamed selection of oil, energy and petrochemical firms have been targeted by cyber criminals in attacks that may have started as long ago as 2007, McAfee said.
Under the so-called Night Dragon operation, the attacks appeared to have been coordinated from a central point, the recently-acquired security firm claimed.
The hackers probed the companies for inside information, such as oil and gas production data, potential areas where the multinationals were looking to work and schematics on how systems worked.
McAfee could not reveal any of the specific details about the firms involved, but noted law enforcement had been brought in to investigate.
Whilst the seemingly coordinated attack has been going on for some time, McAfee was only able to "join the dots" together in recent weeks, said Greg Day, director of security strategy at McAfee.
"For us visibility has only happened in the last week or so, and I would suspect law enforcement may have only happened once they had a bigger understanding of the problem," Day told IT PRO.
There were a number of indicators that the hackers were from China, although these were not guarantees, Day said.
Firstly, the individual responsible for providing the command and control centre infrastructure was located in the Shandong Province.
McAfee also discovered all of the identified data theft activity occurred from Beijing-based IP addresses and was carried out within the victim companies on weekdays between 09:00 and 17:00 Beijing time.
Furthermore, the hacking tools used in the attacks were of Chinese origin and can be bought together on Chinese underground hacking forums.
Part of the password string to get to the remote access control service contained the word 'China' in it as well, but this could just be a red herring, Day said.
"What seems very evident to us is that they weren't being very careful about covering up their tracks," he added.
"You have to question whether that was an intentional thing or was that accidental."
Whilst it seems the attacks were the doing of a centrally-organised body, members could have been spread across the globe, Day said.