updated 09:10 am EDT, Wed August 3, 2011
McAfee uncovers serious global security threat
Hacking attacks around the globe have reached a new level with news that an unknown group has silently waged a hacking campaign over the past five years. Dmitri Alperovitch, vice president of threat research at McAfee, has dubbed the high-level hacking campaign Operation Shady RAT. Alperovitch says around 70 public and private sector organizations around the globe have been victims of data theft resulting from the ongoing campaign.
Alperovitch first uncovered evidence of Shady RAT in early 2009, when a McAfee client, a U.S. defense contractor, discovered malware on its network. Until that point, no one had ever seen the type of malware being used in the attack. The attack is described as a spear-phishing e-mail containing a link to a Web page; when the link is clicked, a remote-access tool, or RAT, is automatically loaded onto the infected computer.
The RAT escalates a user’s privileges, which it then uses to extract sensitive data. McAfee has blocked its own clients from connecting to the server from which the attacks were being launched. Only this March, however, did Alperovitch finally discover the logs stored on the attackers’ servers, which revealed the identities of the affected organizations.
McAfee identified government agencies in the United States, Taiwan, South Korea, Vietnam, and Canada, the Olympic committees in three countries, and the International Olympic Committee. Others included organizations in Japan, Switzerland, the United Kingdom, Indonesia, Denmark, Singapore, Hong Kong, Germany, and India. Those most affected were based in the US, while military contractors have been over-represented.
James A. Lewis, director and senior fellow of the Technology and Public Policy Program at the Center for Strategic and International Studies, argues that China is responsible, asking, “Who else spies on Taiwan?”
McAfee is said to be working closely with the US government to shut down the command-and-control server from which the attacks are currently being launched.
Already this year, the infamous hacker groups LulzSec and Anonymous have launched major attacks on a wide range of targets. Sony was perhaps the most publicized victim, after the user data of over 77 million of its customers emerged. However, this new threat may have accessed much more sensitive information, and it continues to pose a threat. [via Vanity Fair]