McAfee outlines ‘unsophisticated’ Chinese hacks
Security firm McAfee has revealed details of a large scale cyber attacks launched against global energy companies, specifically in the oil and gas industries.
Starting in November 2009 the attacks targeted proprietary operations and project-financing information on oil and gas field bids and operations. McAfee said the highly sensitive nature of these bids can make or break multi-billion dollar bids.
McAfee has dubbed the attacks "Night Dragon" and claims they are likely to have originated in China. "The tools, techniques, and network activities used in these attacks originate primarily in China. These tools are widely available on the Chinese Web forums and tend to be used extensively by Chinese hacker groups," wrote CTO George Kurtz on the firm’s blog.
Hackers used a combination of vectors to access the systems, including social engineering, spear-phishing, Windows exploits, Active Directory compromises, and the use of remote administration tools (RATs).
"While the list above may seem impressive to the layperson, these methods and tools are relatively unsophisticated," warned Kurtz. "The tools simply appear to be standard host administration techniques that utilise administrative credentials. This is largely why they are able to evade detection by standard security software and network policies."
A White Paper released by McAfee goes in to more details about the hacks. The attacks began with a SQL-injection technique, which compromised external web servers. Common hacking tools were then used to access intranets, giving attackers access to internal servers and desktops. Usernames and passwords were then harvested and after disabling Internet Explorer proxy settings, hackers were able to establish direct communication from infected machines to the Internet.
Kurtz went on to explain that attacks similar to this are increasing in number. "Well-coordinated, targeted attacks such as Night Dragon, orchestrated by a growing group of malicious attackers committed to their targets, are rapidly on the rise," he wrote. "These targets have now moved beyond the defence industrial base, government, and military computers to include global corporate and commercial targets."
"More and more, these attacks focus not on using and abusing machines within the organisations being compromised, but rather on the theft of specific data and intellectual property," he added. "Focused and efficient define the very essence of today’s attackers.
"[It] is a clear example of how cybercrime has evolved from something of a hobbyist affair to a very professional activity."