Categories: SecurityWorkspace

Chinese Night Dragon Attack Hits Energy Companies

The world’s energy companies are under a concerted cyber-attack from China, dubbed Night Dragon, which is taking control of internal servers for industrial espionage, according to security firm McAfee.

The attacks, which started in November 2009, use social engineering, spearphishing attacks and Microsoft Windows operating system vulnerabilities, as well as remote administration tools (RATs), to harvest competitive information on issues such as oil and gas field bids and operations, according to a white paper released today by McAfee.

Oil companies are under attack

“McAfee has identified the tools, techniques and network activities used in these attacks, which continue on to this day,” said McAfee CTO George Kurtz in a blog post.

The attacks use “standard host administration techniques that utilize administrative credentials,” said Kurtz. “This is largely why they are able to evade detection by standard security software and network policies.”

However, McAfee has correlated the effects and reckons there is a concerted effort, and has updated signatures to look for Night Dragon. “We can now associate the various signatures that we have seen in these attacks to this particular event called Night Dragon,” said Kurtz.

Once one system has been compromised, the attackers use conventional administration tools, and RATs such as Gh0st and zwShell to exploit that machine, distribute Trojans, and download account hashes from which passwords can eventually be extracted with tools like Cain & Abel.

McAfee has confirmed five large companies which are victims of Night Dragon attacks, and estimates up to a dozen companies are affected – but is not free to name the victims.

Espionage, not cyber war

McAfee’s report describes espionage, rather than cyber-war, but lends weight to fears of concerted attacks, which have been expressed by the OECD, by Defence Minister Nick Harvey, and by the boss of the government snooping station GCHQ.

McAfee will talk more about the attack, at the RSA conference in San Francisco.

Peter Judge

Peter Judge has been involved with tech B2B publishing in the UK for many years, working at Ziff-Davis, ZDNet, IDG and Reed. His main interests are networking security, mobility and cloud

Recent Posts

Amazon Workers In North Carolina To Vote On Unionisation

E-commerce giant faces another unionisation move, with workers at North Carolina warehouse set to vote…

11 hours ago

Blue Origin Preps New Glenn Rocket For Sunday Launch

Jeff Bozos challenge to SpaceX's Falcon-9 heavy lift rocket, the New Glenn rocket, to make…

16 hours ago

Google Donates $1 Million To Donald Trump Inauguration Fund

Bending the knee continues from the tech industry, as Alphabet's Google becomes latest to make…

1 day ago

Microsoft Confirms Job Cuts Based On Performance

Software and cloud giant Microsoft confirms it is cutting a small percentage of jobs across…

2 days ago