Chinese hackers target oil, gas majors in growing cyber-attack

 

London (Platts)--10Feb2011/936 am EST/1436 GMT

Hackers in China have infiltrated the computer systems of several oil and gas majors for over two years stealing sensitive information on oil and gas field operations and assets bids, according to a report by cyper-security firm McAfee Thursday.

Starting in November 2009, covert cyber attacks were launched against a number global oil, energy, and petrochemical companies, in an increasingly common form of corporate-focused cyber attack, which McAfee dubbed as "Night Dragon".

In the attacks, hackers compromised servers in the US and the Netherlands to wage attacks against the companies or sent infected emails sent to company executives in Kazakhstan, Taiwan, Greece, and the US to acquire "proprietary and highly confidential information."

Once the hackers were inside the companies' IT systems they would install remote administration software that gave them complete control of the systems, McAfee said.

The hackers targeted proprietary operations and project-financing information on oil and gas field bids and operations, information that is "highly sensitive and can make or break multibillion dollar deals in this extremely competitive industry."

McAfee declined to name the companies affected by the attacks as some are its clients.

The security company said it believes many actors participated in the attacks, but identified one Chinese-based individual who has provided the crucial infrastructure to the attackers.

The individual is based in Heze City, Shandong Province, China, and runs a company that -according to the company?s advertisements- provides hosted servers in the US with "no records kept," McAfee said.

The "Night Dragon" exploited vulnerabilities in Microsoft Windows operating systems and remote administration tools to copy and extract information, according to the report.

In a blog post, McAfee's chief technology officer George Kurtz warns that this type of cyber attack on multinationals is likely to increase.

"Well-coordinated, targeted attacks such as Night Dragon, orchestrated by a growing group of malicious attackers committed to their targets, are rapidly on the rise," Kurtz said. "These targets have now moved beyond the defense industrial base, government, and military computers to include global corporate and commercial targets."

One of the most prevalent remote administration tools used to infiltrate IT systems is "zwShell," which McAfee said it has seen in the wild since the spring of 2010.

--Robert Perkins, robert_perkins@platts.com

To subscribe or visit go to:  http://www.platts.com
The McGraw-Hill Companies