China-based hackers targeted oil, energy companies in 'Night Dragon' cyber attacks, McAfee says
China-based hackers may have been stealing sensitive information from several international oil and energy companies for as long as four years, cyber-security firm McAfee Inc. said in a report Thursday.
The company said it traced the "coordinated covert and targeted cyberattacks" back to at least November 2009 and that victims included companies in the U.S., Taiwan, Greece and Kazakhstan. McAfee has dubbed the security breach "Night Dragon."
McAfee said the hackers, using techniques and tools originating in China and often found on Chinese hacking forums, grabbed details about company operations, project financing and bidding that "can make or break multibillion dollar deals."
Operating through servers in the U.S. and the Netherlands, the company said, the hackers exploited vulnerabilities in the Microsoft Windows operating system. Techniques included social engineering, spear-phishing, Active Directory compromises and remote administration tools, or RATs.
Santa Clara-based McAfee said the hacking method, although elaborate, was "relatively unsophisticated." And because most of the Night Dragon attacks originated between 9 a.m. and 5 p.m. Beijing time on weekdays, the cyber-security firm said it suspects that the hacking was not the work of freelancers.
-- Tiffany Hsu
Photo: Steps involved in the Night Dragon attacks. Credit: McAfee