McAfee has published a new report that details a string of cyberattacks targeting global oil, energy and petrochemical companies. Dubbed “Night Dragon” by the security company, the attacks have been on its radar since November, 2009. While hackers have used a wide assortment of hacking techniques for attacking these companies in a very “targeted” fashion, McAfee’s vice president of threat research Dmitri Alperovitch described the hackers themselves as being
sloppy, unsophisticated and mistake prone.
“Attackers using several locations in China have leveraged C&C servers on purchased hosted services in the United States and compromised servers in the Netherlands to wage attacks against global oil, gas, and petrochemical companies, as well as individuals and executives in Kazakhstan, Taiwan, Greece, and the United States to acquire proprietary and highly confidential information,” reads the
19-page McAfee report
detailing the Night Dragon attacks.
There seems to be a plethora of evidence establishing the Chinese origin of these cyberattacks, including the IP addresses of the attackers and the use of Chinese-language hacking tools. In fact, the security firm has been able to identify a key individual “who has provided the crucial C&C infrastructure to the attackers — this individual is based in Heze City, Shandong Province, China.” While the report does not name him directly, it does provide a few details bout his company which provides “Hosted Servers in the U.S. with no records kept.”