Night Dragon

Puff the Magic, err I mean McAfee’s “Night Dragon” is the name they’ve given to the tools, techniques, and network activities used in continuing attacks since November 2009 against global oil, energy, and petrochemical companies.

Again, it seems like the same old story. Web servers sitting in the DMZ with harmless SQL injection vulnerabilities (sarcasm) are pwned and then used to pivot into the internal corporate network. Seek and exfiltrate high-value data using remote access tools such as Gh0st and zwShell (think SubSeven, Netbus, etc.). Game over. Again, attribution leans towards our friends from the East (hence the ‘Dragon’, you jackass).

This could be a catalyst from McAfee’s PR/marketing department, so be warned. I’d love to see some Anon-LoLz member in Kansas bouncing through China, planting Mandarin comments in src before compiling shellcode, and working 9-5 China time hours getting everyone in a tizzy over this APT threat…
