Sign up for a new account or log in here:
also @ TechSpot: AMD A4-5000 Review: the affordable ultraportable APU
The attackers gained access and stole secrets, specifically targeting documents about oil exploration and bidding contracts, via a combination of con tricks, computer vulnerabilities, and weak security controls. The Night Dragon attacks used to break into all the networks were built around code and tools widely available in the dark corners of the Internet; while not particularly sophisticated, they were still very effective.
The Night Dragon operation was made up of methodical and progressive intrusions into the targeted infrastructure, and can be broken down into five basic activities:
- Company extranet web servers compromised through SQL-injection techniques, allowing remote command execution
- Commonly available hacker tools are uploaded on compromised web servers, allowing attackers to pivot into the company's intranet and giving them access to sensitive desktops and servers internally
- Using password cracking and pass-the-hash tools, attackers gain additional usernames and passwords, allowing them to obtain further authenticated access to sensitive internal desktops and servers
- Initially using the company's compromised web servers as command and control (C&C) servers, the attackers discovered that they needed only to disable Microsoft Internet Explorer (IE) proxy settings to allow direct communication from infected machines to the Internet
- Using the RAT malware, they proceeded to connect to other machines (targeting executives) and exfiltrating email archives and other sensitive document
"These attacks have involved social engineering, spearphishing attacks, exploitation of Microsoft Windows operating systems vulnerabilities, Microsoft Active Directory compromises, and the use of remote administration tools (RATs) in targeting and harvesting sensitive competitive proprietary operations and project-financing information with regard to oil and gas field bids and operations," according to the report. "We have identified the tools, techniques, and network activities used in these continuing attacks—which we have dubbed Night Dragon—as originating primarily in China. Through coordinated analysis of the related events and tools used, McAfee has determined identifying features to assist companies with detection and investigation. While we believe many actors have participated in these attacks, we have been able to identify one individual who has provided the crucial C&C infrastructure to the attackers."
User Comments: 9
Got something to say? Post a comment-
What the heck is a "spearphishing" attack?
-
TomSEA said:
What the heck is a "spearphishing" attack?
Targeted versions of phishing attacks.
-
I see - thanks. Odd name though.
-
China is like a plague infested rat.
It infected Tibet, Taiwan and Hong Kong first and is now quickly spreading across the rest of the world.
In it's latest guise its main vectors are the greedy businessmen and politicians of the world along with the ignorant tasteless plastic loving consumers.
There is discussion as to from who China got its infections. Experts say the freedom and dissent crushing antics came in from the former Soviet Union after the second world war. It is said that the greed was imported on a ship from across the Atlantic.
-
Guest said:
There is discussion as to from who China got its infections. Experts say the freedom and dissent crushing antics came in from the former Soviet Union after the second world war. It is said that the greed was imported on a ship from across the Atlantic.
Who said that? They obviously weren't bright because China is on the Pacific Rim.
-
With a population of 1 billion and numerous ethnic groups and dialects, pretty much every generalisation about China is wrong, including this one.
-
These attacks are too well organized and mostly likely funded to be the work of individual or small groups of hackers. As in previous attacks, this one also appears to have originated from China. Whether or not these attacks have the imprimatur of any national government, there are enough indications that these are state-sponsored activities.
-
In a country where the internet is torturously monitored and censored you can be quite confident that any coordinated long term attacks originating thereof are, at a bare minimum, condoned by the Chinese government.
Chinese people are wonderful but the Chinese regime has been building, protecting and enforcing its own delusional identity for so many years now that it has become the epitome of the expression "blind ambition" and is doing great damage to any hope of a healthy, happy future for its people or this planet.
The slogans of the Chinese government could easily be "Pride Trumps All Other Values Including Life And Love" and "Lying and deceit are virtues when it promotes Chinese state ambitions"
In the too distant past China was bastion of creativity in the Arts, Sciences and Spirituality. Now it is just a parrot for superficial materialism and power for its own sake.
Instead of moving the world forward it is quite sadly the poster child for ignorance. I feel badly for the Chinese people who's individual lives are no more important to their government than a name of a piece of paper. A resource to be used, misused, marginalized and discarded at whim. The definition of justice in China is "does the action support the ambitions of the Chinese government" and no more.
-
Guest said:
China is like a plague infested rat.
It infected Tibet, Taiwan and Hong Kong first and is now quickly spreading across the rest of the world.
In it's latest guise its main vectors are the greedy businessmen and politicians of the world along with the ignorant tasteless plastic loving consumers.
There is discussion as to from who China got its infections. Experts say the freedom and dissent crushing antics came in from the former Soviet Union after the second world war. It is said that the greed was imported on a ship from across the Atlantic.
I see you how could be thinking and i could see your point of view but your comment sounded a bit racist. I don't assume that you would enjoy someone talking about your country like that.
Most Popular
| Trending | Featured |
Featured on Routers
Subscribe to TechSpot
Get free exclusive content, learn about new features and breaking tech news.