high_confidence
Night Dragon
[Night Dragon](https://attack.mitre.org/campaigns/C0002) was a cyber espionage campaign that targeted oil, energy, and petrochemical companies, along with individuals and executives in Kazakhstan, Taiwan, Greece, and the United States. The unidentified threat actors searched for information related to oil and gas field production systems and financials, and collected data from SCADA systems. Based on the observed techniques, tools, and network activities, security researchers assessed that the campaign involved a threat group based in China. (Citation: McAfee Night Dragon)
Start date: 1 November 2009
End date: 1 February 2011
Techniques: 29
Attributed actors
Techniques (29)
collection (3)
T1114.001 Local Email Collection
T1005 Data from Local System
T1074.002 Remote Data Staging
command-and-control (5)
T1008 Fallback Channels
T1568 Dynamic Resolution
T1105 Ingress Tool Transfer
T1071.001 Web Protocols
T1219 Remote Access Tools
credential-access (2)
T1110.002 Password Cracking
T1003.002 Security Account Manager
defense-impairment (2)
T1112 Modify Registry
T1685 Disable or Modify Tools
discovery (2)
T1033 System Owner/User Discovery
T1083 File and Directory Discovery
execution (2)
T1059.003 Windows Command Shell
T1204.001 Malicious Link
initial-access (5)
T1566.002 Spearphishing Link
T1078 Valid Accounts
T1133 External Remote Services
T1078.002 Domain Accounts
T1190 Exploit Public-Facing Application
lateral-movement (1)
T1550.002 Pass the Hash
persistence (4)
T1078 Valid Accounts
T1133 External Remote Services
T1112 Modify Registry
T1078.002 Domain Accounts
privilege-escalation (2)
T1078 Valid Accounts
T1078.002 Domain Accounts
resource-development (5)
T1588.002 Tool
T1584.004 Server
T1608.001 Upload Malware
T1588.001 Malware
T1583.004 Server
stealth (4)
T1078 Valid Accounts
T1078.002 Domain Accounts
T1027.002 Software Packing
T1027.013 Encrypted/Encoded File
Indicators of compromise
No IOCs linked to this campaign yet.