The attackers gained access and stole secrets, specifically targeting documents about oil exploration and bidding contracts, via a combination of con tricks, computer vulnerabilities, and weak security controls. The Night Dragon attacks used to break into all the networks were built around code and tools widely available in the dark corners of the Internet; while not particularly sophisticated, they were still very effective.
The Night Dragon operation was made up of methodical and progressive intrusions into the targeted infrastructure, and can be broken down into five basic activities:
"These attacks have involved social engineering, spearphishing attacks, exploitation of Microsoft Windows operating systems vulnerabilities, Microsoft Active Directory compromises, and the use of remote administration tools (RATs) in targeting and harvesting sensitive competitive proprietary operations and project-financing information with regard to oil and gas field bids and operations," according to the report. "We have identified the tools, techniques, and network activities used in these continuing attacks—which we have dubbed Night Dragon—as originating primarily in China. Through coordinated analysis of the related events and tools used, McAfee has determined identifying features to assist companies with detection and investigation. While we believe many actors have participated in these attacks, we have been able to identify one individual who has provided the crucial C&C infrastructure to the attackers."