February 10, 2011, 9:56 PM — A hacking operation dubbed 'Night Dragon' has targeted energy organizations, using tried-and-tested intrusion methods to steal intellectual property related to oil field exploration and bidding plans, according to security company McAfee.
The attacks used a combination of social engineering, spear-phishing attacks, exploitation of Microsoft Windows operating system vulnerabilities, Microsoft Active Directory compromises and remote administration tools to target and harvest commercial information. Perhaps more disturbingly, they also targeted individual executives within the companies.
McAfee chief technology officer for Asia-Pacific, Mike Sentonas, said although the techniques used are not new, the attack was well organised and targeted.
"We have been working with five organisations under a non-disclosure agreement," he said. "We traced the information back to a server in China that was hosting some of the malware and noticed the active IP addresses were coming out of Beijing."
Due to the non-disclosure agreement, McAfee will not comment on the companies involved. But the vendor said that although many actors participated in the attacks, it has identified one individual who has provided the crucial infrastructure to the attackers.
Although the attacks have been traced to China, Sentonas said it doesn't mean the attack couldn't have come from another country, nor that it is condoned by the government.
McAfee was working with the organisations on unrelated security matters when it discovered the threat.
"The professional services team had some regular engagements with the organisations and they came across this quite some time ago. We have since been gathering a significant amount of information," he said.
Night Dragon highlights how security is fast becoming a boardroom issue, no longer simply the domain of the IT department.
"If you look at the Google attacks made public last year and the Stuxnet worm, I think that shows the seriousness of these issues," Sentonas said.
It also shows that critical infrastructure security in the enterprise still has a way to go, he said.
"While it was well-coordinated, the methods of attack are not new. They used basic techniques that have been able to be protected against for several years now."
McAfee has made tools available for IT professionals to download and is also pushing its commercial products, which Sentonas said provided "zero day protection" against the threats.