At least five multinational oil and gas companies suffered computer network intrusions from a persistent group of computer hackers based in China, according to a report released Wednesday night by a Silicon Valley computer security firm, The New York Times reported.
Computer security researchers at McAfee Inc. said the attacks, which were similar to but less sophisticated than a series of computer break-ins discovered in late 2009 by Google, appeared to be aimed at corporate espionage. Operating from what was apparently a base in Beijing, the intruders established control servers in the United States and the Netherlands to break into computers in Kazakhstan, Taiwan, Greece and the United States, according to a report, "Global Energy Cyberattacks: 'Night Dragon.'"
The focus of the intrusions was on oil and gas field production systems as well as financial documents related to field exploration and bidding for new oil and gas leases, according to the report. The attackers also stole information related to industrial control systems, the researchers noted, but no efforts to tamper with these systems were observed.
McAfee executives declined to name the victim companies, citing nondisclosure agreements the company signed before being hired to patch the vulnerabilities revealed by the intrusions. Last year, when Google announced that intellectual property had been stolen by Chinese intruders, it expressed frustration that while it had observed break-ins at a variety of other United States companies, virtually none of the other companies were willing to acknowledge that they had been compromised.
"We have confirmed that five companies have been attacked," said Dmitri Alperovitch, McAfee's vice president for threat research. He said he suspected that at least a dozen companies might have been affected by the team of computer hackers, who were seemingly based in Beijing and appeared to work during standard business hours there.
"These people seemed to be more like company worker bees rather than free-spirited computer hackers," he said. "These attacks were bold, even brazen, and they left behind a trail of evidence."
It was not possible to tell whether the attacks were the work of a government organization or a particular group of cybercriminals, Mr. Alperovitch said.
Jenny Shearer, a spokeswoman for the Federal Bureau of Investigation in Washington, said that the agency was aware of the McAfee report, but had no comment.
According to the report, the intruders used widely available attack methods known as SQL injection and spear phishing to compromise their targets. Once they gained access to computers on internal company networks, they would install remote administration software that gave them complete control of those systems. That made it possible for the intruders to search for documents as well as stage attacks on other computers connected to corporate networks.
In addition to their parallels to the Google attacks of last year, the intrusions resembled a China-based electronic espionage network that was found in 2009 and named GhostNet. In that case, researchers at the Munk Center for International Studies at the University of Toronto uncovered an elaborate network aimed at government computers as well as those of nongovernmental organizations like the office of the Dalai Lama. The researchers concluded that the control servers of the attack system were based on the island of Hainan, which is part of China.
The McAfee report was released shortly before the annual RSA Conference on Web security in San Francisco. The annual computer security industry trade show and conference routinely leads to an outpouring of accounts of computer network vulnerabilities and new reports of intrusions and data thefts.