According to cybersecurity firm McAfee, Chinese hackers have been carrying out “coordinated, covert and targeted” attacks on US fuel companies for years. The campaign, codenamed “Night Dragon,” has been in full effect since 2009 and could have begun as early as 2007.
For the time being, McAfee will not name the victimized companies, and is only publicly reporting on the matter in order “to protect those not yet impacted and to repair those who have been.” According to the Wall Street Journal, BP, ExxonMobil, and other large oil companies declined to comment on whether they had been attacked. Chevron reported “it wasn’t aware of any successful hacks into the company’s data systems by Night Dragon.”
While Chevron may have been safe from the cyber threats, McAfee claims the hacks were successful. Confidential company information concerning energy and internal financial operations were taken. McAfee claims that while these attacks were solely focused on the energy sector, other industries should be aware of this magnitude of information theft. Of course, McAfee is also selling its services, so informing the public of these events isn’t an entirely selfless gesture.
That said, the FBI is investigating the situation. Earlier this year, the WikiLeaks Cablegate release revealed that Chinese politicians were behind a cyberattack on Google last year. In this case, McAfee is uncertain whether the hacks were government sanctioned. According to Dmitri Alperovitch, VP of threat research at the firm, “the facts point to Chinese hacker activity that is organized, so [it is] potentially directed either by the private sector or the public sector. But it’s impossible for me to know for sure which one.” He did add that the campaign was organized and being run as a nine to five job, suggesting the hackers were not unprofessional.
