A top Internet security company said on Thursday that hackers working from China have been targeting Western energy companies, stealing sensitive information.
U.S.-based McAfee said in a report that the computers of oil and gas companies in the U.S., Greece, Taiwan and Kazakhstan were targeted in “coordinated, covert and targeted” attacks which began in November 2009.
“We have identified the tools, techniques, and network activities used in these continuing attacks — which we have dubbed Night Dragon — as originating primarily in China,” said the report, published online by McAfee on Thursday.
It said the hackers stole information on operations, bidding for oil fields and financing.
"Starting in November 2009, coordinated covert and targeted cyberattacks have been conducted against global oil, energy, and petrochemical companies," McAfee said in its report.
"These attacks have involved social engineering, spear-phishing attacks [and] exploitation of Microsoft Windows operating systems vulnerabilities," it said.
Spear phishing is an industry jargon for an e-mail spoofing fraud attempt targeting specific organizations for confidential data.
MCAfee said the hackers had used "remote administration tools (RATs) in targeting and harvesting sensitive competitive proprietary operations and project-financing information with regard to oil and gas field bids and operations."
E-mail service
The allegations of cyberattacks from China come after Google Inc. closed its China-based search engine last year amid complaints of cyberattacks from China against its e-mail service.
The Chinese government has denied any involvement in hacker activities, saying it is opposed to them, but Internet security experts say China is a leading center for Internet crime, including industrial spying aimed at major companies.
There are also fears that China’s military, which is a world leader in cyberwarfare techniques, may use the Internet to steal technology.
Officials in the United States, Germany and Britain have all reported hacker attacks linked to China’s military on their government and defense systems.
The hackers had taken advantages of vulnerabilities in Microsoft's Windows operating system, McAfee said in its report.
Computers at the victim companies were controlled remotely by applications hosted on a server in the eastern Chinese province of Shandong, it said.
Mastermind
While an individual service provider had been identified in Heze city, the report said the person was unlikely to have masterminded the operation.
The attacks tended to run during office hours in Beijing, suggesting that they were done on behalf of a company during working hours, rather than by amateurs working late into the night, it added.
The tools used in the attacks are prevalent on underground Chinese hacking forums, according to McAfee.
In 2009, a Canadian research group said a China-based ring known as "GhostNet" stole information from thousands of hard drives worldwide.
The Information Warfare Monitor said attackers broke into government and private organizations in 103 countries, including the computers of the Dalai Lama and his exiled Tibetan government.
McAfee estimates that intellectual property worth an estimated one trillion U.S. dollars was stolen worldwide through the Internet in 2008.
Reported by Luisetta Mudie.