Exxon, Shell, BP hacked in Night Dragon attacks

IT security firm McAfee reported on 10 February that the attacks had resulted in the loss of project-financing information relating to oil and gas field bids and operations.

McAfee said the attacks started in November 2009, but it did not identify the oil companies that were affected.

"We have identified the tools, techniques, and network activities used in these continuing attacks, which we have dubbed "Night Dragon," as originating primarily in China," McAfee said.

The hacked companies also include Marathon Oil, ConocoPhillips and Baker Hughes, according to Bloomberg, citing company sources and investigators who asked not to be identified because of the confidential nature of the matter.

In some of the cases, hackers had undetected access to company networks for more than a year, according to Greg Hoglund, chief executive officer of security firm HBGary, which investigated some of the security breaches at oil companies.

Legal information, information on deals and financial information are all things that appear to be getting targeted, he said, describing the attacks as industrial espionage.

The McAfee report said the hackers used tools common in Chinan's underground hacking forums, but it did not link the "Night Dragon" attack directly to the Chinese government.

McAfee said investigators had traced the hackers' command-and-control operations to servers operated by a company in China's Heze City in Shandong province.

But the company said it was not aware of any hacking taking place from its servers, and claimed always to verify the activities of those who rent server space.
 

This story was first published by Computer Weekly

What’s hot on Infosecurity Magazine?