Puff the Magic, err, I mean McAfee’s “Night Dragon” is the name given to the tools, techniques, and network activities used in attacks, ongoing since November 2009, against global oil, energy, and petrochemical companies.
Again, it seems like the same old story. Web servers sitting in the DMZ with harmless SQL injection vulnerabilities (sarcasm) are pwned and then used to pivot into the internal corporate network. The attackers then seek out and exfiltrate high-value data using remote access tools such as Gh0st and zwShell (think SubSeven, NetBus, etc.). Game over. Again, attribution leans towards our friends from the East (hence the ‘Dragon’, you jackass).
This could be a catalyst from McAfee’s PR/marketing department, so be warned. I’d love to see some Anon-LoLz member in Kansas bouncing through China, planting Mandarin comments in src before compiling shellcode, and working 9-5 China time hours getting everyone in a tizzy over this APT threat….