Night Dragon

Puff the Magic, err, I mean McAfee’s “Night Dragon” is the name they’ve given to the tools, techniques, and network activities used in continuing attacks, under way since November 2009, against global oil, energy, and petrochemical companies.

Again, it seems like the same old story. Web servers sitting in the DMZ with harmless SQL injection vulnerabilities (sarcasm) are pwned and then used to pivot into the internal corporate network. The attackers seek and exfiltrate high-value data using remote access tools such as Gh0st and zwShell (think SubSeven, Netbus, etc.). Game over. Again, attribution leans towards our friends from the East (hence the ‘Dragon’, you jackass).

This could be a catalyst from McAfee’s PR/marketing department, so be warned. I’d love to see some Anon-LoLz member in Kansas bouncing through China, planting Mandarin comments in src before compiling shellcode, and working 9-5 China time hours getting everyone in a tizzy over this APT threat….
