China-based hackers targeted oil, energy companies in ‘Night Dragon’ cyber attacks, McAfee says

This article was originally on a blog post platform and may be missing photos, graphics or links. See About archive blog posts.

China-based hackers may have been stealing sensitive information from several international oil and energy companies for as long as four years, cyber-security firm McAfee Inc. said in a report Thursday.

The company said it traced the ‘coordinated covert and targeted cyberattacks’ back to at least November 2009 and that victims included companies in the U.S., Taiwan, Greece and Kazakhstan. McAfee has dubbed the security breach ‘Night Dragon.’

McAfee said the hackers, using techniques and tools originating in China and often found on Chinese hacking forums, grabbed details about company operations, project financing and bidding that ‘can make or break multibillion dollar deals.’

Operating through servers in the U.S. and the Netherlands, the company said, the hackers exploited vulnerabilities in the Microsoft Windows operating system. Techniques included social engineering, spear-phishing, Active Directory compromises and remote administration tools, or RATs.


Although elaborate, Santa Clara-based McAfee said the hacking method was ‘relatively unsophisticated.’ And because most of the Night Dragon attacks originated between 9 a.m. and 5 p.m. Beijing time on weekdays, the cyber-security firm said it suspects that the hacking was not the work of freelancers.


Chinese hacking of Indian security data raises alarm

China says it shut down online academy for hackers

Google may leave China in wake of hacker attacks

-- Tiffany Hsu [follow]