Feb 10 2011

China-based hackers targeted oil, energy companies in ‘Night Dragon’ cyber attacks

Category: cyber securityDISC @ 8:34 pm

Image by lisbokt via Flickr

From the LA Times

China-based hackers may have been stealing sensitive information from several international oil and energy companies for as long as four years, cyber-security firm McAfee Inc. said in a report Thursday.

The company said it traced the “coordinated covert and targeted cyberattacks” back to at least November 2009 and that victims included companies in the U.S., Taiwan, Greece and Kazakhstan. McAfee has dubbed the security breach “Night Dragon.”

McAfee said the hackers, using techniques and tools originating in China and often found on Chinese hacking forums, grabbed details about company operations, project financing and bidding that “can make or break multibillion dollar deals.”

Operating through servers in the U.S. and the Netherlands, the company said, the hackers exploited vulnerabilities in the Microsoft Windows operating system. Techniques included social engineering, spear-phishing, Active Directory compromises and remote administration tools, or RATs.

Although elaborate, Santa Clara-based McAfee said the hacking method was “relatively unsophisticated.” And because most of the Night Dragon attacks originated between 9 a.m. and 5 p.m. Beijing time on weekdays, the cyber-security firm said it suspects that the hacking was not the work of freelancers.

Tags: Active Directory, china, Greece, Kazakhstan, McAfee, Microsoft Windows, phishing, Taiwan