[WASC-WHID] WHID 2011-39: Hackers Breach Tech Systems of Oil Companies

WASC Web Hacking Incidents Database wasc-whid at lists.webappsec.org
Fri Apr 15 13:11:01 EDT 2011

Entry Title: WHID 2011-39: Hackers Breach Tech Systems of Oil Companies
WHID ID: 2011-39
Date Occurred: February 10, 2011
Attack Method: SQL Injection
Application Weakness: Improper Input Handling
Outcome: Leakage of Information
Attacked Entity Field: Energy
Attacked Entity Geography:
Incident Description: At least five multinational oil and gas companies
suffered computer network intrusions from a persistent group of computer
hackers based in China, according to a report released Wednesday night by a
Silicon Valley computer security firm.
According to the report, the intruders used widely available attack methods
known as SQL injection and spear phishing to compromise their targets. Once
they gained access to computers on internal company networks, they would
install remote administration software that gave them complete control of
those systems. That made it possible for the intruders to search for
documents as well as stage attacks on other computers connected to corporate
Mass Attack: No
Mass Attack Name: Night Dragon
Number of Sites Affected: 5
Attack Source Geography: China

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/wasc-whid_lists.webappsec.org/attachments/20110415/b8273a0e/attachment-0003.html>

More information about the wasc-whid mailing list