Night Dragon Operation
Night Dragon is a threat actor focused on cyberattacks against the oil and petrochemical industry. It came to public attention in 2011 through the McAfee report “Global Energy Cyberattacks: Night Dragon,” led by McAfee VP Dmitri Alperovitch, which provided an overview of advanced persistent threat activity within that industry.
Night Dragon activity began in 2009, possibly as early as 2007, and its targeted attacks affected 71 organizations. The targets include businesses and organizations worldwide, defense contractors, the United Nations, and the International Olympic Committee, with defense contractors attacked consistently over time.
McAfee’s report concluded that the Night Dragon operators were based in China. The widespread use of Chinese-language malicious tools and of IP addresses in Beijing pointed back to the mainland, and the command and control (C&C) servers were traced to Heze City, Shandong Province.
The report could not determine whether the attacks were sanctioned by the Chinese government or run by a private company. Night Dragon's victims included organizations in the United States, the Netherlands, and many other countries.
Night Dragon’s attacks generally combine spear-phishing, SQL injection, social engineering, exploitation of known Windows and Active Directory vulnerabilities, and the malicious use of remote administration tools (RATs). Once the internal network is reachable, the Night Dragon operators load additional malicious tools to broaden their visibility and enable further reconnaissance.
From there, commodity techniques and tools are used to harvest credentials and to spread RATs and other malware across the network. Security researchers have observed that Night Dragon has access to a wide variety of tooling and capabilities, which they consider characteristic of a unit funded by a large and capable nation-state.
Once data of interest has been identified, it is exfiltrated. The stolen material typically concerns oil and gas field operations, as well as confidential financial information such as field-exploration costs and bid pricing.
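As an added example, not code from this page or from the McAfee report, the following Python script shows how a defender could spot the SQL-injection probing listed among the techniques above in ordinary web-server access logs. It assumes the injection is aimed at an Internet-facing web application and that its logs are in Common Log Format; the log lines, IP addresses, paths and payloads are constructed for illustration, and the signature list is deliberately narrow to keep false positives low.

```python
"""Added example (not from the Bugcrowd page or the McAfee report): a small
detector for SQL-injection probes against an Internet-facing web application,
run over constructed Common Log Format access-log lines."""
import re
from urllib.parse import unquote_plus

# Constructed access-log lines (not real traffic); 203.0.113.7 probes a search
# page and a news page before a later login attempt.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Feb/2011:08:15:02 +0000] "GET /search.aspx?q=pipeline HTTP/1.1" 200 5120
203.0.113.7 - - [10/Feb/2011:08:15:09 +0000] "GET /search.aspx?q=pipeline'%20OR%20'1'%3D'1 HTTP/1.1" 200 89012
203.0.113.7 - - [10/Feb/2011:08:15:31 +0000] "GET /news.aspx?id=12%20UNION%20SELECT%20name,password%20FROM%20users-- HTTP/1.1" 500 731
198.51.100.23 - - [10/Feb/2011:08:16:00 +0000] "GET /about.aspx HTTP/1.1" 200 2210
203.0.113.7 - - [10/Feb/2011:08:17:44 +0000] "POST /login.aspx HTTP/1.1" 302 0
"""

# Common Log Format: ip ident user [timestamp] "METHOD path PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)$'
)

# Signatures applied to the URL-decoded query string. Kept narrow on purpose:
# they fire only on SQL syntax that has no business in a search term or id.
SQLI_PATTERNS = [
    (re.compile(r"'\s*(or|and)\s*'?\d*'?\s*=\s*'?\d*", re.I), "tautology"),
    (re.compile(r"\bunion\b\s+(all\s+)?\bselect\b", re.I), "union-select"),
    (re.compile(r"(--|#|/\*)\s*$"), "comment-terminator"),
    (re.compile(r";\s*(drop|exec|xp_cmdshell|shutdown)\b", re.I), "stacked-query"),
]


def parse_line(line):
    """Parse one CLF line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def sqli_indicators(path):
    """Return the names of the signatures matching the decoded query string."""
    if "?" not in path:
        return []
    # Decode before matching: attackers hide quotes and spaces as %27 / %20.
    query = unquote_plus(path.split("?", 1)[1])
    return [name for rx, name in SQLI_PATTERNS if rx.search(query)]


def scan_log(text):
    """Return (ip, path, indicators) for each request that looks like SQLi."""
    hits = []
    for line in text.splitlines():
        rec = parse_line(line)
        if not rec:
            continue  # skip malformed or non-CLF lines rather than crash
        ind = sqli_indicators(rec["path"])
        if ind:
            hits.append((rec["ip"], rec["path"], ind))
    return hits


def suspicious_sources(text, threshold=2):
    """Source IPs with at least `threshold` SQLi-looking requests: the repeated
    probing that usually precedes a working injection."""
    counts = {}
    for ip, _, _ in scan_log(text):
        counts[ip] = counts.get(ip, 0) + 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    for ip, path, ind in scan_log(SAMPLE_LOG):
        print(f"{ip} {path} -> {', '.join(ind)}")
    print("sources to investigate:", suspicious_sources(SAMPLE_LOG))
```

Decoding the query string before matching matters: the same payload can be sent as `%27%20OR%20`, and an undecoded pattern would miss it. A signature list like this is a triage aid, not a substitute for parameterized queries on the application side; the corrective control for SQL injection is fixing the vulnerable code, and the detection only shortens the time an attacker has to use it.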