Ageing hacking techniques thwart oil giants’ security
Hackers have been targeting the oil and energy industries for four years using ageing and unsophisticated techniques.
McAfee said the attacks – known as “Night Dragon” – targeted global oil, energy, and petrochemical companies in search of valuable insider information on exploration and financing operations.
However, the hackers weren’t using state-of-the-art, newly written exploits, but fooled security measures with techniques dating back more than a decade, McAfee said.
“These attacks have involved an elaborate mix of hacking techniques, including social engineering, spear-phishing, Windows exploits, Active Directory compromises, and the use of remote administration tools,” said George Kurtz, CEO of McAfee, on the company blog.
“These unsophisticated tools simply appear to be standard host administration techniques that utilise administrative credentials. This is largely why they are able to evade detection by standard security software and network policies.”
According to Kurtz, the hacking had only been noticed through retrospective analysis of the compromised systems.
“Only through recent analysis and the discovery of common artefacts and evidence correlation have we been able to determine that a dedicated effort has been ongoing for at least two years and, likely, as many as four,” he said.
“We have strong evidence suggesting that the attackers were based in China,” he added. “The tools, techniques, and network activities used in these attacks originate primarily in China.”
McAfee said the attacks had focused on collecting specific data and intellectual property that would have a resale value, rather than causing damage to data or hardware.