Chinese accused of huge 'Night Dragon' attack on energy sector

McAfee blows lid on major cyberattack


Chinese hackers have been accused of launching a major cyberattack against Western energy companies that appears to have resulted in the theft of an unknown number of highly sensitive documents.

According to McAfee, which has dubbed the attacks ‘Night Dragon’ in a detailed analysis, the hacking of five unnamed companies in the global oil, energy, and petrochemical sector in a number of countries started in November 2009 and is still ongoing.

Using hosts based in The Netherlands and the US, the first layer of the attacks comprised the compromise of extranets and VPNs using SQL injection exploits, the use of Trojan malware targeting the PCs and laptops of employees, and the monitoring of infrastructure such as firewall and other security systems.

All of this is pretty standard stuff, as was the next stage of the attacks, which was to gain covert admin privileges using old-fashioned remote admin tools (RATs) to penetrate and control key servers.

What stands out is the sheer scale of the attacks described by McAfee and the number and organisation of the participants, all of which are likely to see Night Dragon compared to the politically-charged events that unfolded after the Aurora attacks of 2010, also believed to originate in China.

It’s also clear that the information targeted in these attacks, not to mention the critical sector in which the attacked enterprises operated, will end up with accusations being levelled at the Chinese state.

What did the attackers steal? “Files of interest focused on operational oil and gas field production systems and financial documents related to field exploration and bidding that were later copied from the compromised hosts or via extranet servers. In some cases, the files were copied to and downloaded from company web servers by the attackers. In certain cases, the attackers collected data from SCADA systems,” reads the McAfee analysis.

McAfee steers away from blaming China outright but the implication is clear – the Chinese government is using cyberattacks to undermine competing interests on a scale only now becoming clear.

It’s also hinted that the activities go beyond the primary energy sector and probably the obvious companies too. The attacks might also have started long before 2009. Night Dragon might only be one part of a large whole.

As in the past, the attackers don’t appear to have covered their tracks well. McAfee describes the evidence of Chinese involvement as “circumstantial” but offers compelling details of how companies and even one unnamed individual in Heze City, Shandong Province played different parts in Night Dragon.

“McAfee has determined that all of the identified data exfiltration activity [from Trojans] occurred from Beijing-based IP addresses and operated inside the victim companies weekdays from 9:00 a.m. to 5:00 p.m,” McAfee documents in almost comic detail.

The RAT tools used were also of Chinese origin although the company stops short of assuming that the developers might have had some involvement.

Night Dragon is a huge coup for McAfee, which doesn't explain in detail how it uncovered that it was happening. Then again, the company was also key in detailing last year's Aurora hack but was later criticised for inaccuracies in its outline of that attack.

