The Inquirer-Home

China's Night Dragons go after the oil companies

SQL injection and spear phishing are popular
Thu Feb 10 2011, 16:02

EXECUTIVES in Kazakhstan, Greece, Taiwan and the US have been targeted by Chinese hackers known as the Night Dragons as part of a wider assault on the petrochemical industry.

According to McAfee, the Night Dragons use US-purchased hosted services and compromised Dutch servers to attack extranet web servers with SQL injection, and compromise corporate VPN accounts with the help of infected email with remote administration tools (RATs).

Once in, local administrator and Active Directory administrator accounts were compromised, while backdoors were also implanted with reverse proxies and Trojans. Zwshell is one RAT that has been identified by McAfee. This generates dozens of Trojan variants to take control of machines and exfiltrate data.

Attacks with these methods, according to McAfee, obtained "files of interest focused on operational oil and gas field production systems and financial documents related to field exploration".

McAfee describes the methods used as "relatively unsophisticated", yet they work, and it has taken the security industry some time to put two and two together after two years of activity by the Night Dragons. The apparent ease with which these hackers have obtained data shows what a parlous state so much of so-called computer security is in. µ
