According to McAfee, Chinese hackers have been attempting to penetrate the global energy industry in a series of attacks dubbed “Night Dragon”:
Starting in November 2009, covert cyberattacks were launched against several global oil, energy, and petrochemical companies. The attackers targeted proprietary operations and project-financing information on oil and gas field bids and operations. This information is highly sensitive and can make or break multibillion dollar deals in this extremely competitive industry.
The attackers would start by trying to gain access to external web servers. Once in, they pivot into sensitive internal servers and desktop and deploy hacker tools. Next they would begin to siphon user names and passwords, and collect any documents available. Finally, they extract the sensitive data directly from the inside by having the infected machines connect out to hacker controlled command and control systems.
The attacks being used are a combination of social engineering, exploits, and remote attack tools.
This really shows how cyber crime has evolved over the years. Hackers are exploiting systems to gain access to the files and correspondence of corporate executives. This information obtained could be anything from business transactions to new oil field information. Once obtained, the hackers use or resell this information for profit.
As of now, all evidence of the “Night Dragon” attacks seem to point back at China. And the attacks show no sign of letting up.