Beginning in November 2009 "cyberattacks were launched against several global oil, energy and petrochemical companies," McAfee Labs Chief Technology Officer George Kurtz wrote in a Wednesday blog post introducing the firm's white paper on its investigation of the attacks. The attacks, which the security firm is calling "Night Dragon," are believed to have originated in China.
"The attackers targeted proprietary operations and project-financing information on oil and gas field bids and operations," Kurtz wrote. "This information is highly sensitive and can make or break multi-billion dollar deals in this extremely competitive industry..."
The white paper said the firm has "determined that all of the identified data exfiltration activity occurred from Beijing-based IP [internet protocol] addresses and operated inside the victim companies weekdays from 9 a.m. to 5 p.m. Beijing time, which also suggests that the involved individuals were 'company men' working on a regular job, rather than freelance or unprofessional hackers. In addition, the hackers employed hacking tools of Chinese origin and that are prevalent on Chinese underground hacking forums."
Night Dragon attacks focused specifically on the energy sector, the white paper said. According to the white paper, the names of five of the victim firms are known, although it would not identify them; another seven unknown firms may also have been victims.
The energy patch runs on deal-making, even in down times, and North American shale natural gas assets have been of great interest to Chinese companies, with multiple deals being struck over the last year or so. For instance, PetroChina International Ltd. and Encana Corp. have just made a multi-billion-dollar deal (see Daily GPI, Feb. 10), and Chesapeake Energy Corp. is becoming a frequent business partner of Chinese interests (see Daily GPI, Feb. 3).
However, the McAfee white paper does not name names; it is more focused on how the attacks have occurred and what can be done to stop them.
"McAfee has identified the tools, techniques, and network activities used in these attacks, which continue on to this day. These attacks have involved an elaborate mix of hacking techniques including social engineering, spear-phishing, Windows exploits, active directory compromises, and the use of remote administration tools (RAT)," Kurtz wrote.
While the tools might sound sophisticated, Kurtz said they are not, noting that the anti-virus software firm has been writing about them since 1999.
"Well-coordinated, targeted attacks such as Night Dragon, orchestrated by a growing group of malicious attackers committed to their targets, are rapidly on the rise," Kurtz wrote. "These targets have now moved beyond the defense industrial base, government and military computers to include global corporate and commercial targets."
©Copyright 2011 Intelligence Press Inc. All rights reserved. The preceding news report may not be republished or redistributed, in whole or in part, in any form, without prior written consent of Intelligence Press, Inc.