McAfee reports cyber attacks on oil, energy, petrochemical majors
11 Feb 2011
Santa Clara, California – Global oil, energy, and petrochemical companies have been the targets of coordinated covert and targeted cyber attacks for the past year, mostly originating from China, IT security firm McAfee has reported.
A white paper, titled Global Energy Cyberattacks: “Night Dragon”, by McAfee Foundstone Professional Services and McAfee Labs, said these attacks have involved social engineering, spearphishing attacks, exploitation of Microsoft Windows operating system vulnerabilities, and Microsoft Active Directory compromises.
The hackers have also used remote administration tools (RATs) in targeting and harvesting sensitive competitive proprietary operations and project-financing information with regard to oil and gas field bids and operations.
“We have identified the tools, techniques, and network activities used in these continuing attacks – which we have dubbed Night Dragon – as originating primarily in China,” said McAfee.
“While we believe many actors have participated in these attacks, we have been able to identify one individual who has provided the crucial C&C infrastructure to the attackers,” the company added.
The individual, said McAfee, runs a company whose US-based leased servers have been used to host a malware application – zwShell C&C – that controlled machines across the victim companies.
Attackers in charge of the C&C server can establish full remote control of the connected machine, said the report. They can also browse the file system, launch command-line shells, manipulate the registry, view the remote desktop, and uninstall the Trojan from the client.