Saturday, February 12, 2011
Hackers from China have penetrated computer networks of global oil companies, stealing financial documents on bidding plans and other confidential information, a US computer security firm said Thursday.
According to the report, starting in November 2009, coordinated, covert, and targeted cyberattacks have been conducted against oil, energy, and petrochemical companies.
In addition to attacking company computers, the hackers struck individuals and executives in Kazakhstan, Taiwan, Greece, and the United States to acquire proprietary and highly confidential information, according to the McAfee report.
The industrial espionage charges are the latest leveled against hackers in China, which was accused in a report by the US-China Economic and Security Review Commission last year of waging massive attacks on US computer systems.
McAfee did not identify any of the companies targeted by the hackers. But it said all of the evidence pointed to the attackers being based in China.
McAfee said, "We have identified the tools, techniques, and network activities used in these continuing attacks, which we have dubbed Night Dragon, as originating primarily in China."
It also said that hacking tools widely available on the Chinese underground were used to break into a company's intranet and obtain access to sensitive desktops and servers. The attackers then proceeded to connect to other machines (targeting executives) and exfiltrate email archives and other sensitive documents.
The computer security firm said that many actors took part in the attacks but it had identified an individual in Heze City, Shandong Province, who provided the crucial command-and-control infrastructure to the attackers. "Although we don't believe this individual is the mastermind behind these attacks, it is likely this person is aware or has information that can help identify at least some of the individuals, groups, or organizations responsible for these intrusions," the firm said.
McAfee said that all of the identified data exfiltration activity occurred from Beijing-based IP addresses and that the attackers operated inside the victim companies on weekdays from 9:00 am to 5:00 pm Beijing time. This suggests the involved individuals were 'company men' working on a regular job, rather than freelance or unprofessional hackers. The firm added: "Although it is possible that all of these indicators are an elaborate red-herring operation designed to pin the blame for the attacks on Chinese hackers, we believe this to be highly unlikely. We have strong evidence suggesting that the attackers were based in China."
In January 2010, Google said it had been the target of cyberattacks originating in China which included attempts to access the email accounts of Chinese human rights activists around the world.
China has denied involvement in the December 2009 cyberattacks which Google said also targeted more than 20 other companies and led the Internet giant to halt censorship of its search engine in China.
According to US diplomatic files obtained and published by WikiLeaks, the United States believes that China's leadership directed the hacking campaign into computers of Google and Western governments.
In one cable, the US embassy in Beijing said it learned from a Chinese contact that the Politburo had led years of hacking into computers of the United States, its allies and Tibet's spiritual leader the Dalai Lama.
US Director of National Intelligence James Clapper told Congress on Thursday that US computer systems were increasingly coming under attack.
Clapper, who did not specifically cite China, told a congressional committee that there had been a dramatic increase over the past year in malicious cyber activity targeting US computers and networks.
Clapper said that almost two-thirds of US firms report that they have been the victim of cybersecurity incidents or information breaches, while the volume of malicious software on American networks more than tripled from 2009.