The NightDragon Myth 

Feb 10, 2011 02:48 PM

The so-called "NightDragon" is not a virus, as is popularly believed, but rather a sophisticated combination of hacking and viruses. It did not involve the creation of new code or a single Trojan per se, but rather used a combination of tools and Trojans that made it exceptionally difficult to detect. To the best of our knowledge, the attacks started 2 years ago and are being directly targeted at gas and oil companies that are in direct competition with the Chinese government.
 
It is so difficult to trace that, when the links between the individual attacks were drawn, it was the type of data being stolen that flagged the relationship.
 
This attack used fairly unsophisticated methods: SQL injection and AD vulnerabilities. It succeeded because very few companies actually have tight SQL security on their internal web sites, and even fewer have their servers patched to current levels. Once an attacker breaks into the internal corporate website, they can steal the AD connector information and then proceed to MAC spoofing to appear as though they belong on the network.
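The first step above, SQL injection against an internal web application, is easiest to see side by side with its fix. The following is an added example, not code from the original post or from any Symantec product: a constructed SQLite user table, a login query built by string concatenation (the injectable pattern), and the same query with bound parameters. The table contents, the function names and the plaintext passwords are all assumptions made for the illustration.

```python
import sqlite3

# Constructed in-memory stand-in for an internal web application's user
# store. Passwords are stored in plaintext here only to keep the example
# short; a real application would store salted hashes.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Builds the statement by string formatting, so user input becomes
    part of the SQL grammar. Returns the role on success, else None."""
    sql = (
        "SELECT role FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(conn, username, password):
    """Same query with bound parameters: the driver passes the values to
    the engine separately, so they can never alter the statement."""
    sql = "SELECT role FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = build_db()
    # A tautology in the password field turns the WHERE clause true for
    # every row in the concatenated version; the bound version treats the
    # same string as a literal password and finds no match.
    tautology = "' OR '1'='1"
    print("concatenated:", login_vulnerable(db, "x", tautology))      # admin
    print("parameterized:", login_parameterized(db, "x", tautology))  # None
    print("legitimate:", login_parameterized(db, "bob", "hunter2"))   # user
```

The point for defenders is that the hardened version needs no input filtering or escaping at all: parameter binding keeps data out of the statement by construction, which is why it is the standard fix rather than a blocklist of suspicious characters.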
 
The best thing that could have helped the victims was better network security and a concrete, network-hardware-based Data Loss Prevention solution.
 
Reading this, I am certain you will understand why Symantec doesn't have a virus definition file to prevent it. However, Symantec does have one of the most comprehensive databases of Trojans and threats, as well as zero-day protection. And from the client side, Symantec Endpoint Protection 11.x takes a layered approach to thwarting attacks of this type in the following ways:
 
1. Antivirus definitions updated as soon as signature files can be created.
2. Active Threat Detection that uses heuristics to prevent suspicious code (such as SQL injection payloads) from taking control of the client.
3. Intrusion Prevention to detect port scanning and brute-force attacks, and to prevent unauthorized remote access programs from reaching the corporate network.
4. Endpoint Protection to lock down corporate endpoints, preventing the spread of any such Trojan that might embed itself in removable media and blocking unauthorized programs from being installed on client machines.
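Item 3 above, detecting port scans and brute-force attempts, comes down to counting distinct destination ports per source and repeated authentication failures per source and service. The following is an added example, not code from the original post or from Symantec's Intrusion Prevention engine: it parses a small set of constructed firewall/auth log lines in a key=value format invented for this illustration and applies both counts with assumed thresholds.

```python
import re
from collections import defaultdict

# Constructed log lines standing in for a perimeter device export. The
# format (ts src= dst= dport= action=) and every address in them are
# assumptions for this example; they are not data from the original post.
SAMPLE_LOG = "\n".join(
    # one source touching 12 distinct ports on one host: scan-like
    [f"2011-02-10T14:01:{i:02d} src=10.0.5.23 dst=10.0.1.10 dport={p} action=deny"
     for i, p in enumerate([21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 1433, 3389])]
    # one source failing authentication 8 times against one SQL port: brute force
    + [f"2011-02-10T14:05:{i:02d} src=10.0.5.40 dst=10.0.1.20 dport=1433 action=authfail"
       for i in range(8)]
    # ordinary allowed traffic, which neither rule should flag
    + ["2011-02-10T14:06:00 src=10.0.5.41 dst=10.0.1.20 dport=443 action=allow"]
)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) action=(?P<action>\w+)$"
)


def parse_log(text):
    """Return one dict per well-formed line; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def detect_port_scans(events, threshold=10):
    """Sources that were denied on at least `threshold` distinct ports.
    Returns {src: number_of_distinct_ports}."""
    ports_by_src = defaultdict(set)
    for e in events:
        if e["action"] == "deny":
            ports_by_src[e["src"]].add(int(e["dport"]))
    return {src: len(p) for src, p in ports_by_src.items() if len(p) >= threshold}


def detect_brute_force(events, threshold=5):
    """(src, dst, dport) tuples with at least `threshold` auth failures.
    Returns {(src, dst, dport): failure_count}."""
    failures = defaultdict(int)
    for e in events:
        if e["action"] == "authfail":
            failures[(e["src"], e["dst"], e["dport"])] += 1
    return {k: n for k, n in failures.items() if n >= threshold}


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    print("events parsed:", len(evts))
    print("port scans:", detect_port_scans(evts))
    print("brute force:", detect_brute_force(evts))
```

The thresholds are the tuning knobs: too low and an inventory tool or a user mistyping a password trips the rule, too high and a slow scan spread over hours slips under it, which is why a production IPS also windows these counts by time rather than over the whole log.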
