Night Dragon hackers smash energy multinationals
Hackers target global energy firms as they seek to gain insider information, McAfee reveals.
Hackers have used a range of techniques in a dedicated attack against global energy companies, a report has indicated.
An unnamed selection of oil, energy and petrochemical firms have been targeted by cyber criminals in attacks that may have started as long ago as 2007, McAfee said.
Under the so-called Night Dragon operation, the attacks appeared to have been coordinated from a central point, the recently-acquired security firm claimed.
The hackers probed the companies for inside information, such as oil and gas production data, potential areas where the multinationals were looking to work and schematics on how systems worked.
McAfee could not reveal any of the specific details about the firms involved, but noted law enforcement had been brought in to investigate.
Whilst the seemingly coordinated attack has been going on for some time, McAfee was only able to "join the dots" together in recent weeks, said Greg Day, director of security strategy at McAfee.
"For us visibility has only happened in the last week or so, and I would suspect law enforcement may have only happened once they had a bigger understanding of the problem," Day told IT PRO.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Chinese involvement?
There were a number of indicators that the hackers were from China, although these were not guarantees, Day said.
Firstly, the individual responsible for providing the command and control centre infrastructure was located in the Shandong Province.
McAfee also discovered all of the identified data theft activity occurred from Beijing-based IP addresses and was carried out within the victim companies on weekdays between 09:00 and 17:00 Beijing time.
Furthermore, the hacking tools used in the attacks were of Chinese origin and can be bought together on Chinese underground hacking forums.
Part of the password string to get to the remote access control service contained the word China' in it as well, but this could just be a red herring, Day said.
"What seems very evident to us is that they weren't being very careful about covering up their tracks," he added.
"You have to question whether that was an intentional thing or was that accidental."
Whilst it seems the attacks were the doing of a centrally-organised body, members could have been spread across the globe, Day said.
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.