Night Dragon hackers smash energy multinationals

The skills and tools used by the hackers were fairly orthodox, according to the report.

Firstly, the attackers used SQL-injection techniques to compromise their target's company extranet web servers, thereby allowing remote command execution.

They then uploaded widely available tools onto the compromised servers, providing access to internal desktops and servers. Password cracking tools let the hackers gain extra usernames and passwords.

By disabling Internet Explorer proxy settings, the infiltrators enabled direct communication from infected machines to the internet, allowing them to exfiltrate emails and other sensitive documents from company executives.

Spear-phishing techniques were also used to gain additional information from company accounts.

Although the hackers used typical techniques, this was not a sign that the energy companies' systems were weak, Day said.

"It's a sign of the complexity of the IT world we work in," he explained.

"A SQL injection is something organisations see every day the challenge is most organisations, especially large ones, have such a breadth of environment and the challenge is being able to stay on top of all of that."

Day said it has become very hard for businesses to remain "100 per cent compliant" given the complexity of the security environment now.

Tom Brewster

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.