Security researchers at McAfee have sounded the alarm over what they describe as "coordinated covert and targeted cyberattacks" against global oil, energy, and petrochemical companies.
McAfee said the attacks began in November 2009 and combined several techniques -- social engineering, spear phishing and vulnerability exploits -- to load custom RATs (remote administration tools) on hijacked machines.
The attacks, which McAfee tracked to China, allowed intruders to target and harvest sensitive competitive proprietary operations and project-financing information with regard to oil and gas field bids and operations.
We have identified the tools, techniques, and network activities used in these continuing attacks—which we have dubbed Night Dragon—as originating primarily in China. Through coordinated analysis of the related events and tools used, McAfee has determined identifying features to assist companies with detection and investigation. While we believe many actors have participated in these attacks, we have been able to identify one individual who has provided the crucial C&C infrastructure to the attackers.
The company released a white paper to outline the attacks, which included the use of SQL injection and password cracking techniques.
A brief synopsis:
McAfee's researchers discovered that attackers operating from several locations in China leveraged C&C servers on purchased hosted services in the United States and compromised servers in the Netherlands to wage the attacks.
Targets included global oil, gas, and petrochemical companies, as well as individuals and executives in Kazakhstan, Taiwan, Greece, and the United States.