Hackers from China Have Compromised Global Oil Companies, McAfee Reports

Bob Styran, IT audit expert
February 11, 2011 /

Since November 2009, hackers from China have launched coordinated covert and targeted cyberattacks against global oil companies to steal “sensitive competitive proprietary operations and project-financing information,” security firm McAfee said in a report.

These hackers have been using social engineering, spearphishing attacks, exploitation of Microsoft Windows operating systems vulnerabilities, Microsoft Active Directory compromises, and the remote administration tools (RATs) to targret the systems of oil companies.

“Through coordinated analysis of the related events and tools used, McAfee has determined identifying features to assist companies with detection and investigation,” McAfee said.

While many actors have taken part in the cyber attacks, McAfee was able to identify one method used by hackers.

McAfee said the Night Dragon attacks work by methodical and progressive intrusions into the targeted infrastructure.

“Attackers using several locations in China have leveraged C&C servers on purchased hosted services in the United States and compromised servers in the Netherlands” to attack global oil companies, according to the report.

“The primary operational technique used by the attackers comprised a variety of hacker tools, including privately developed and customized RAT tools that provided complete remote administration capabilities to the attacker. RATs provide functions similar to Citrix or Microsoft Windows Terminal Services, allowing a remote individual to completely control the affected system,” it added.

McAfee said attackers first “compromised perimeter security controls by injecting exploited SQL of extranet web servers, as well as targeted spear-phishing attacks of mobile worker laptops, and compromising corporate VPN accounts” to breach the oil companies’ “defensive architectures (DMZs and firewalls) and conduct reconnaissance of targeted companies’ networked computers.”

Late in November 2010, Wikileaks revealed that China was responsible for the attacks launched against Google earlier last year.

According to Wikileaks, Chinese government had hired operatives, private security experts, and hackers to wage its computer sabotage against Google.

However, the US government did not point its fingers to the Chinese government for the hacking, saying no evidence possibly manifested involvement of China.

 

Share your opinion