Security giant McAfee reports that a series of cyber attacks originating in China have specifically targeted global oil, energy and petrochemical companies for the past two years. In a newly published white paper, the company's researchers describe the exact process through which the companies were attacked in what they dubbed operation Night Dragon.
"These attacks have involved an elaborate mix of hacking techniques including social engineering, spear-phishing, Windows exploits, Active Directory compromises, and the use of remote administration tools (RATs)," says George Kurtz, McAfee's chief technology officer.
Attackers usually started by exploiting an SQL injection vulnerability in order to compromise the target's Internet facing Web server and achieve remote command execution.
Using common tools, the hackers then began jumping to intranet systems and cracked hashed passwords in order to obtain further access.
The purpose of the attacks was to infect the systems of company executives with remote administration tools (RATs) and steal sensitive and confidential information.
The most frequently stolen information concerned gas and oil field bids and operations, data that companies spent millions of dollars researching.
The security vendor suspects this kind of cyber espionage operation might have been going on for the past four years, but it has clear evidence starting with November 2009.
In January 2010, the Christian Science Monitor reported that in the second half of 2008 and early 2009, several large oil companies were notified by the federal authorities that sensitive information had systematically been stolen from their corporate networks.
In that case too, sources familiar with the investigation claimed the attacks originated in China, so the incidents might be related to what McAfee is reporting now.
"While Night Dragon attacks focused specifically on the energy sector, the tools and techniques of this kind can be highly successful when targeting any industry. Our experience has shown that many other industries are currently vulnerable and are under continuous and persistent cyberespionage attacks of this type," the McAfee researchers conclude.