A hacking operation dubbed ‘Night Dragon’ has targeted energy utilities, using tried-and-tested intrusion methods to steal intellectual property related to oil and gas field exploration and bidding plans, according to security company McAfee.
The attacks used a combination of social engineering, exploitation of Microsoft Windows operating systems vulnerabilities, Microsoft Active Directory compromises and remote administration tools to target and harvest commercial information. According to the security company, the hacking operation also utilised ‘spear phishing’ attacks, or more targeted versions of typical phishing ploys. Perhaps more disturbingly, they also targeted individual executives within the companies.
McAfee chief technology officer for Asia Pacific, Mike Sentonas, said although the techniques used are not new, the attack was well organised and targeted.
“We have been working with five organisations under a non-disclosure agreement,” he said. “We traced the information back to a server in China that was hosting some of the malware and noticed the active IP addresses were coming out of Beijing.”
Due to the non-disclosure agreement, McAfee will not comment on the companies involved. But the vendor said that although many actors participated in the attacks, it has identified one individual who provided the crucial infrastructure to the attackers.
Although the attacks have been traced to China, Sentonas said it doesn’t mean the attack couldn’t have come from another country, nor that it is condoned by the government.
McAfee was working with the organisations on unrelated security matters when it discovered the threat.
“The professional services team had some regular engagements with the organisations and they came across this quite some time ago. We have since been gathering a significant amount of information,” he said.
McAfee estimates up to a dozen companies have been attacked.
Night Dragon highlights how security is fast becoming a boardroom issue, no longer simply the domain of the IT department. The tools and techniques identified within Night Dragon could successfully target any industry.
“If you look at the Google attacks made public last year and the Stuxnet worm, I think that shows the seriousness of these issues,” Sentonas said.
It also shows that the critical infrastructure security of enterprise still has a way to go, he said.
“While it was well-coordinated, the methods of attack are not new. They used basic techniques that have been able to be protected against for several years now.”
McAfee has made tools for IT professional to download and is also pushing its commercial products which Sentonas said provided “zero day protection” against the threats.
Follow Georgina Swan on Twitter: @swandives
Follow CIO Australia on Twitter: @CIO_Australia