Chinese Hackers Targeted a Dozen Oil Companies in U.S., Kazakhstan, Taiwan, and Greece: McAfee
Posted by Author on February 10, 2011
By Sara Yin, PC Magazine, Feb. 10, 2010
Highly skilled hackers in China have been stealing information from Western oil and gas companies since at least November 2009, according to a white paper from McAfee.
The cybercriminals compromised servers in the United States and the Netherlands to infiltrate oil, gas, and petrochemical companies in the United States, Kazakhstan, Taiwan, and Greece. Roughly a dozen companies were penetrated, with five firms confirming the attacks, the report said.
McAfee has nicknamed the coordinated attacks “Night Dragon” for their Chinese origins.
“Well-coordinated, targeted attacks such as Night Dragon, orchestrated by a growing group of malicious attackers committed to their targets, are rapidly on the rise,” wrote McAfee’s global CTO, George Kurtz, in a blog post. “These targets have now moved beyond the defense industrial base, government, and military computers to include global corporate and commercial targets.”
The attacks came from several locations in China and most were carried out during weekday office hours, implying the hackers are fully employed office workers rather than amateurs.
The attacks involved a combination of social engineering, exploitation of Microsoft Windows vulnerabilities, Microsoft Active Directory compromises, and the use of remote administration tools (RATs) to successfully obtain information on the operations and financing of oil and gas fields, the report said.
First, the hackers broke into servers by injecting malicious code in Structured Query Language (SQL), the computer language used for large-scale databases (read about how a hacker used SQL injection to steal credit card information in the biggest online theft case in U.S. history). Then they sent bogus e-mails to dupe recipients using employee laptops into submitting confidential information, a social engineering technique known as spear-phishing. The hackers also compromised corporate VPN accounts to reach the company’s defense architecture.
Finally, the hackers were able to use privately developed remote administration tools (RATs), which mimic the functions of Citrix and Microsoft Windows, to control infiltrated systems.
On numerous occasions China has been accused of hacking into Western IT systems. While Western governments usually report the security breaches, affected companies are more likely to try to cover up an infiltration, the report says.
Last December, a U.S. State Department cable exposed by WikiLeaks claimed that the Chinese Politburo had ordered the cyberattacks on Google.