Night Dragon Operation is one of the cyber attacks that started in mid-2006 and was initially reported by Dmitri Alperovitch, Vice President of Threat Research at Internet security company McAfee in August 2011, who also led and named the Night Dragon Operation and Operation Aurora cyberespionage intrusion investigations. The attacks have hit at least 71 organizations, including defense contractors, businesses worldwide, the United Nations and the International Olympic Committee.
Attack work model
The attacks use a variety of components – there is no single piece or family of malware responsible. The preliminary stage of the attack involves penetration of the target network, ‘breaking down the front door’. Techniques such as spear-phishing and SQL injection of public facing web servers are reported to have been used. Once in, the attackers then upload freely available hacker tools onto the compromised servers in order to gain visibility into the internal network. The internal network can then be penetrated by typical penetration methods (accessing Active Directory account details, cracking user passwords etc) in order to infect machines on the network with remote administration tools (RATs). Since this attack is done by government, the resources in terms of hardware, software and other logistics are available to the hackers PLA Unit 61398.