Night Dragon: Chinese hackers attacked global energy firms

By on February 11, 2011, 3:46 PM
Since November 2009, hackers likely from China have been targeting networks of at least a dozen multinational oil, gas, and petrochemical companies as well as individuals and executives in Kazakhstan, Taiwan, Greece, and the US. Five firms confirmed the attacks. The details come from a report titled Global Energy Cyberattacks: "Night Dragon" (PDF) by security firm McAfee.

The attackers gained access and stole secrets, specifically targeting documents about oil exploration and bidding contracts, via a combination of con tricks, computer vulnerabilities, and weak security controls. The Night Dragon attacks used to break into all the networks were built around code and tools widely available in the dark corners of the Internet; while not particularly sophisticated, they were still very effective.

The Night Dragon operation was made up of methodical and progressive intrusions into the targeted infrastructure, and can be broken down into five basic activities:

  • Company extranet web servers compromised through SQL-injection techniques, allowing remote command execution
  • Commonly available hacker tools are uploaded on compromised web servers, allowing attackers to pivot into the company's intranet and giving them access to sensitive desktops and servers internally
  • Using password cracking and pass-the-hash tools, attackers gain additional usernames and passwords, allowing them to obtain further authenticated access to sensitive internal desktops and servers
  • Initially using the company's compromised web servers as command and control (C&C) servers, the attackers discovered that they needed only to disable Microsoft Internet Explorer (IE) proxy settings to allow direct communication from infected machines to the Internet
  • Using the RAT malware, they proceeded to connect to other machines (targeting executives) and exfiltrate email archives and other sensitive documents
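
The fourth activity above leaves a network-visible trace: workstations that normally reach the web only through the proxy begin connecting out directly. The following is an added example, not taken from the McAfee report or the original article, that flags such connections in a firewall log; the log format, address ranges and proxy address are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed environment (hypothetical values): the internal range and the only
# hosts permitted to open web connections to the Internet.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
APPROVED_PROXIES = {ipaddress.ip_address("10.0.0.10")}
WEB_PORTS = {80, 443, 8080}

# Constructed sample firewall log: "timestamp src dst dport action"
SAMPLE_LOG = """\
2011-02-10T09:00:01 10.0.0.10 203.0.113.5 443 ALLOW
2011-02-10T09:00:07 10.1.4.22 10.0.0.10 8080 ALLOW
2011-02-10T09:02:13 10.1.4.77 198.51.100.9 80 ALLOW
2011-02-10T09:02:40 10.1.4.77 198.51.100.9 80 ALLOW
2011-02-10T09:03:02 10.1.9.3 192.0.2.44 443 DENY
malformed line
2011-02-10T09:05:00 10.1.4.77 10.2.0.5 445 ALLOW
"""

def find_proxy_bypass(log_text):
    """Return {src: {(dst, port, action): count}} for internal hosts that tried
    to reach external web ports directly instead of via an approved proxy."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records rather than crash
        _, src, dst, port, action = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue
        if src_ip not in INTERNAL_NET or src_ip in APPROVED_PROXIES:
            continue  # only internal, non-proxy hosts are of interest
        if dst_ip in INTERNAL_NET or port not in WEB_PORTS:
            continue  # internal traffic and non-web ports are out of scope here
        # Denied attempts are kept too: a blocked direct connection is still a signal.
        hits[str(src_ip)][(str(dst_ip), port, action)] += 1
    return {src: dict(dsts) for src, dsts in hits.items()}

if __name__ == "__main__":
    for src, dsts in find_proxy_bypass(SAMPLE_LOG).items():
        for (dst, port, action), n in dsts.items():
            print(f"{src} -> {dst}:{port} {action} x{n} (direct, not via proxy)")
```
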

"These attacks have involved social engineering, spearphishing attacks, exploitation of Microsoft Windows operating systems vulnerabilities, Microsoft Active Directory compromises, and the use of remote administration tools (RATs) in targeting and harvesting sensitive competitive proprietary operations and project-financing information with regard to oil and gas field bids and operations," according to the report. "We have identified the tools, techniques, and network activities used in these continuing attacks—which we have dubbed Night Dragon—as originating primarily in China. Through coordinated analysis of the related events and tools used, McAfee has determined identifying features to assist companies with detection and investigation. While we believe many actors have participated in these attacks, we have been able to identify one individual who has provided the crucial C&C infrastructure to the attackers."





User Comments: 9

TomSEA, TechSpot Chancellor, said:

What the heck is a "spearphishing" attack?

Emil said:

TomSEA said:

What the heck is a "spearphishing" attack?

Targeted versions of phishing attacks.

TomSEA, TechSpot Chancellor, said:

I see - thanks. Odd name though.

Guest said:

China is like a plague infested rat.

It infected Tibet, Taiwan and Hong Kong first and is now quickly spreading across the rest of the world.

In its latest guise its main vectors are the greedy businessmen and politicians of the world along with the ignorant tasteless plastic loving consumers.

There is discussion as to from who China got its infections. Experts say the freedom and dissent crushing antics came in from the former Soviet Union after the second world war. It is said that the greed was imported on a ship from across the Atlantic.

DokkRokken said:

Guest said:

There is discussion as to from who China got its infections. Experts say the freedom and dissent crushing antics came in from the former Soviet Union after the second world war. It is said that the greed was imported on a ship from across the Atlantic.

Who said that? They obviously weren't bright because China is on the Pacific Rim.

Guest said:

With a population of 1 billion and numerous ethnic groups and dialects, pretty much every generalisation about China is wrong, including this one.

fpsgamerJR62 said:

These attacks are too well organized and most likely funded to be the work of individual or small groups of hackers. As in previous attacks, this one also appears to have originated from China. Whether or not these attacks have the imprimatur of any national government, there are enough indications that these are state-sponsored activities.

Guest said:

In a country where the internet is torturously monitored and censored you can be quite confident that any coordinated long term attacks originating thereof are, at a bare minimum, condoned by the Chinese government.

Chinese people are wonderful but the Chinese regime has been building, protecting and enforcing its own delusional identity for so many years now that it has become the epitome of the expression "blind ambition" and is doing great damage to any hope of a healthy, happy future for its people or this planet.

The slogans of the Chinese government could easily be "Pride Trumps All Other Values Including Life And Love" and "Lying and deceit are virtues when it promotes Chinese state ambitions"

In the too distant past China was a bastion of creativity in the Arts, Sciences and Spirituality. Now it is just a parrot for superficial materialism and power for its own sake.

Instead of moving the world forward it is quite sadly the poster child for ignorance. I feel badly for the Chinese people whose individual lives are no more important to their government than a name on a piece of paper. A resource to be used, misused, marginalized and discarded at whim. The definition of justice in China is "does the action support the ambitions of the Chinese government" and no more.

assermitwally said:

Guest said:

China is like a plague infested rat.

It infected Tibet, Taiwan and Hong Kong first and is now quickly spreading across the rest of the world.

In its latest guise its main vectors are the greedy businessmen and politicians of the world along with the ignorant tasteless plastic loving consumers.

There is discussion as to from who China got its infections. Experts say the freedom and dissent crushing antics came in from the former Soviet Union after the second world war. It is said that the greed was imported on a ship from across the Atlantic.

I see how you could be thinking and I could see your point of view but your comment sounded a bit racist. I don't assume that you would enjoy someone talking about your country like that.
