Night Dragon Operation

Night Dragon Operation is one of the cyberattacks that started in mid-2006 and was initially reported by Dmitri Alperovitch, Vice President of Threat Research at Internet security company McAfee in August 2011, who also led and named the Night Dragon Operation and Operation Aurora cyberespionage intrusion investigations. The attacks have hit at least 71 organizations, including defense contractors, businesses worldwide, the United Nations and the International Olympic Committee.

Attack work model

edit

The attacks use a variety of components—there is no single piece or family of malware responsible. The preliminary stage of the attack involves penetration of the target network, ‘breaking down the front door’. Techniques such as spear-phishing and SQL injection of public facing Web servers are reported to have been used. Once in, the attackers then upload freely available hacker tools onto the compromised servers in order to gain visibility into the internal network. The internal network can then be penetrated by typical methods (accessing Active Directory account details, cracking user passwords, etc.) in order to infect machines on the network with remote administration trojans (RATs). Since this attack is done by a government, the resources in terms of hardware, software, and other logistics available to the hackers are considerable (PLA Unit 61398).[1][2][3]

References

edit
  1. ^ "'Night Dragon' Attacks From China Strike Energy Companies". PCWorld. Retrieved 10 February 2016.
  2. ^ Howard, Fraser (11 February 2011). "Night Dragon attacks: myth or reality?". Sophos.
  3. ^ Pentland, William (19 February 2011). "Night Dragon Attacks Target Technology in Energy Industry". Forbes.

Confessions of a Cyber Spy Hunter Eric Winsborrow (TEDx)