McAfee has released a report titled "Global Energy Cyberattacks: Night Dragon” which details a long term systematic data stealing operation conducted against unnamed energy companies.
According to the report, the operation lasted for as long as four years and resulted in the disclosure of proprietary information and intellectual property.
The attacks focused on the energy companies' websites and employed a mixture of tactics including technical exploits and social engineering.
The attacks are assumed to have been conducted from China based on the location of the IP addresses used, and the tools employed in the operation are known to be common Chinese hacking software.
McAfee's George Kurtz blogged:
"We have also taken a close look at who might be behind these attacks. We have strong evidence suggesting that the attackers were based in China. The tools, techniques, and network activities used in these attacks originate primarily in China. These tools are widely available on the Chinese Web forums and tend to be used extensively by Chinese hacker groups.McAfee has determined identifying features to assist companies with detection and investigation."
The report speculates that the operation was conducted by employees working on regular day-shifts based on the fact that the intrusions were conducted during standard commercial work hours.
Kurtz also writes that operations like "Night Dragon" are increasing if frequency.
"Well-coordinated, targeted attacks such as Night Dragon, orchestrated by a growing group of malicious attackers committed to their targets, are rapidly on the rise. These targets have now moved beyond the defense industrial base, government, and military computers to include global corporate and commercial targets."