Night Dragon Operation

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

Night Dragon Operation is one of the cyberattacks that started in mid-2006 and was initially reported by Dmitri Alperovitch, Vice President of Threat Research at Internet security company McAfee in August 2011, who also led and named the Night Dragon Operation and Operation Aurora cyberespionage intrusion investigations. The attacks have hit at least 71 organizations, including defense contractors, businesses worldwide, the United Nations and the International Olympic Committee.

Attack work model[edit]

The attacks use a variety of components – there is no single piece or family of malware responsible. The preliminary stage of the attack involves penetration of the target network, ‘breaking down the front door’. Techniques such as spear-phishing and SQL injection of public facing web servers are reported to have been used. Once in, the attackers then upload freely available hacker tools onto the compromised servers in order to gain visibility into the internal network. The internal network can then be penetrated by typical penetration methods (accessing Active Directory account details, cracking user passwords etc.) in order to infect machines on the network with remote administration trojans (RATs). Since this attack is done by government, the resources in terms of hardware, software and other logistics are available to the hackers PLA Unit 61398.[1][2][3]


  1. ^ "'Night Dragon' Attacks From China Strike Energy Companies". PCWorld. Retrieved 2016-02-10.
  2. ^ Howard, Fraser (11 February 2011). "Night Dragon attacks: myth or reality?". Sophos.
  3. ^ Pentland, William (19 February 2011). "Night Dragon Attacks Target Technology in Energy Industry". Forbes.

Confessions of a Cyber Spy Hunter Eric Winsborrow (TEDx)