Hacking attacks from China hit energy companies worldwide - Techist - Tech Forum

02-10-2011, 09:40 AM   #1
Posted by Megatron

Security researchers at McAfee have sounded an alarm for what is described as “coordinated covert and targeted cyberattacks” against global oil, energy, and petrochemical companies.

McAfee said the attacks began in November 2009 and combined several techniques — social engineering, spear phishing and vulnerability exploits — to load custom RATs (remote administration tools) on hijacked machines.

The attacks, which McAfee tracked to China, allowed intruders to target and harvest sensitive competitive proprietary operations and project-financing information with regard to oil and gas field bids and operations.

We have identified the tools, techniques, and network activities used in these continuing attacks—which we have dubbed Night Dragon—as originating primarily in China. Through coordinated analysis of the related events and tools used, McAfee has determined identifying features to assist companies with detection and investigation. While we believe many actors have participated in these attacks, we have been able to identify one individual who has provided the crucial C&C infrastructure to the attackers.

The company released a white paper to outline the attacks, which included the use of SQL injection and password cracking techniques.

A brief synopsis:

* Company extranet web servers compromised through SQL-injection techniques, allowing remote command execution.
* Commonly available hacker tools are uploaded on compromised web servers, allowing attackers to pivot into the company’s intranet and giving them access to sensitive desktops and servers internally.
* Using password cracking and pass-the-hash tools, attackers gain additional usernames and passwords, allowing them to obtain further authenticated access to sensitive internal desktops and servers.
* Initially using the company’s compromised web servers as command and control (C&C) servers, the attackers discovered that they needed only to disable Microsoft Internet Explorer (IE) proxy settings to allow direct communication from infected machines to the Internet.
* Using the RAT malware, they proceeded to connect to other machines (targeting executives) and exfiltrate email archives and other sensitive documents.

McAfee’s researchers discovered that several locations in China leveraged C&C servers on purchased hosted services in the United States and compromised servers in the Netherlands to wage the attacks.

Targets included global oil, gas, and petrochemical companies, as well as individuals and executives in Kazakhstan, Taiwan, Greece, and the United States.
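
The synopsis notes that infected machines talked directly to the Internet once their IE proxy settings were disabled. The following is an added example, not part of the original post or McAfee's white paper, of how a defender could flag that behaviour in firewall logs; the log format, the proxy address and all IP addresses are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumptions for this example (not from the article): site layout and log format.
PROXIES = {ipaddress.ip_address("10.0.0.5")}   # the only host meant to reach the web
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
WEB_PORTS = {80, 443, 8080}

# Constructed firewall log: "time src dst dport action"
SAMPLE_LOG = """\
2011-02-10T09:00:01 10.0.0.5 198.51.100.20 443 ALLOW
2011-02-10T09:00:07 10.1.4.22 10.0.0.5 8080 ALLOW
2011-02-10T09:01:15 10.1.4.37 203.0.113.9 80 ALLOW
2011-02-10T09:07:30 10.1.9.80 192.0.2.44 443 DENY
2011-02-10T09:11:15 10.1.4.37 203.0.113.77 443 ALLOW
malformed line
"""

def parse(line):
    """Return (src, dst, dport, action), or None if the line does not parse."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        src, dst = map(ipaddress.ip_address, parts[1:3])
        return src, dst, int(parts[3]), parts[4].upper()
    except ValueError:
        return None

def direct_egress(log_text):
    """Map each internal host to its web traffic that bypassed the proxy."""
    hits = defaultdict(lambda: {"allowed": 0, "denied": 0, "dests": set()})
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        src, dst, dport, action = rec
        if src in PROXIES or src not in INTERNAL:
            continue  # the proxy's own egress, or not an internal client
        if dst in INTERNAL or dport not in WEB_PORTS:
            continue  # internal traffic (including client -> proxy) or non-web port
        entry = hits[str(src)]
        entry["allowed" if action == "ALLOW" else "denied"] += 1
        entry["dests"].add(str(dst))
    return dict(hits)

if __name__ == "__main__":
    for host, e in sorted(direct_egress(SAMPLE_LOG).items()):
        print(host, e["allowed"], e["denied"], sorted(e["dests"]))
```

Denied attempts are counted as well as allowed ones, because a workstation that suddenly tries to reach the web without the proxy is worth investigating even when the firewall blocks it.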

