Six previously un-named energy companies targeted in a recent series of coordinated, covert and targeted attacks have now been identified, and could face legal liability for not disclosing the breaches to shareholders. The victim list includes Exxon Mobil, Royal Dutch Shell, BP, Marathon Oil, Conoco Phillips, and Baker Hughes, according to articles now published on the web by The Register and TheAge, based on a report from McAfee.
The attacks were ongoing for at least one full year, and possibly as long as four years. The so far unknown attackers worked through servers located in China. The targets of the attacks appears to have been topographical maps worth ‘millions of dollars’ containing locations of potential oil reserves.
Researchers from McAfee had promised to withhold the identity of the affected companies in exchange for help in preparing a report to “educate the community.” The public outing of the victims could cause companies to hesitate when asked to participate in anonymous studies in the future. That is unfortunate, as this is exactly the kind of information that NEEDS to be gathered and shared in order to have any impact on incidents such as this in the future.