bw distribution ag
Uster West 30
8610 Uster
Tel. 044 905 48 60
10.02.2011 16:25

Night Dragon Cyberattacks — What You Need to Know

McAfee has uncovered a major string of attacks (aka “Night Dragon”) designed to steal sensitive data from targeted organizations. McAfee already has added “Night Dragon” protection to our latest security technologies. Please ensure your antivirus DATs are updated to at least 6232, on-demand scans are working properly, and perform a full file system virus scan to maximize your protection.

Night Dragon is a Trojan backdoor that is installed on a system using a Trojan dropper (.exe) file that is copied to computers by an attacker, usually over Windows shares. Night Dragon attacks use a combination of social engineering and well-coordinated, targeted cyberattacks using Trojans, remote control software, and other malware. It has no "worm" infection capability and does not self-propagate.

The attackers are currently targeting global oil, energy, and petrochemical companies with the apparent intent of stealing sensitive information such as operation details, exploration research, and financial data. Unlike Stuxnet, however, the Night Dragon attacks are not necessarily industry-specific.

For your reference, McAfee solutions working together help combat attacks like Night Dragon:

• McAfee Host Intrusion Prevention 8.0 delivers an APT detection feature to correlate and detect RAT and data exfiltration

• McAfee Application Control (MAC) prevents malware by not allowing unapproved software to run

• McAfee Configuration Control (MCC) disallows unapproved configuration changes

• McAfee Vulnerability Manager (MVM) detects infected systems and security weaknesses in those systems

• McAfee VirusScan Enterprise (VSE) provides protection with antivirus DATs 6232 and above

• McAfee Policy Auditor detects security weaknesses in compromised systems

• McAfee Risk Advisory (MRA) provides visibility into configuration errors and security gaps that allow exploitation

• McAfee Network Threat Response (NTR) detects command and control traffic

• McAfee Network Security Platform (NSP) detects malicious traffic and provides alerts, allowing rapid response

• McAfee Enterprise Firewall mitigates network penetrations and can be layered to minimize internal network attacks

• McAfee Web Gateway mitigates RAT operations

• McAfee Endpoint Encryption reduces usability of targeted, sensitive information

• McAfee Data Loss Protection (DLP) prevents and detects the extraction of sensitive data

What you can do:
• Update your antivirus DATs to at least 6232; ensure on-demand scans are working properly and perform a full file system virus scan.

• Review ePO, antivirus alerts, and network logs to identify compromised systems.

• Review NSP alerts for “BACKDOOR: NightDragon Communication Detected” detections.

McAfee offers tools to assist you:
  - Night Dragon Detection & Removal Utility (Stinger)
  - Night Dragon Vulnerability Scanner