Hackers in China are causing havoc among computer systems of five multinational oil and gas companies, according to a new report by McAfee.
Security outfits have warned that this type of attack could get a lot worse as multinationals continue to prod the Chinese government.
McAfee said in its Night Dragon whitepaper that hackers have stolen bidding plans and other critical proprietary information. This can be used to detrimental effect and give competitors an advantage.
It could not name the five petrochemical and oil companies as it says they are clients.
George Kurtz, CTO, said in a blog post: “We have strong evidence suggesting that the attackers were based in China. The tools, techniques, and network activities used in these attacks originate primarily in China. These tools are widely available on the Chinese Web forums and tend to be used extensively by Chinese hacker groups.”
He warns that well-coordinated, targeted attacks such as Night Dragon are “orchestrated by a growing group of malicious attackers committed to their targets,” and “are rapidly on the rise.”
Kurtz adds that targets have now “moved beyond the defence industrial base, government, and military computers to include global corporate and commercial targets.”
This sentiment was shared by a top security expert, who does not wish to be named and who warns that attacks will get worse unless companies find a way to strongly secure files and networks.
“It’s no secret hackers are getting smarter and China is a breeding ground for people who want to use their talents for malicious gain or, in their eyes, to teach money making corporations, or those that they see as ‘unethical,’ a lesson.”
Soon multinationals that are seen to cross a line, “or dare I say the Chinese government, could see a similar hack. We expect attacks to expand to utility companies – something that has already begun – and to phone networks.”
The hack was traced back to China via a server leasing company in Shandong Province that hosted the malware and to Beijing IP addresses that were active from 9 a.m. to 5 p.m. Beijing time.
According to McAfee, the hackers wormed their way into the computers of companies based in Kazakhstan, Taiwan, Greece and the United States in one of two ways: either through a public website or through infected emails sent to company executives. Once the hackers were in, they would install remote administration software that gave them complete control of the systems.
And they’ve been playing the game for at least two to four years, using their way in to grab financial documents related to oil and gas field exploration and bidding contracts.