Printed from

Operation Shady RAT hacking campaign stealing data worldwide

updated 09:10 am EDT, Wed August 3, 2011

McAfee uncovers serious global security threat

Hacking attacks around the globe have reached a new level with news that an unknown group has silently waged a hacking campaign over the past five-years. Dmitri Alperovitch, vice president of threat research at McAfee, has dubbed the high-level hacking campaign Operation Shady RAT. Alperovitch says around 70 public and private sector organizations around the globe have been victims of data theft resulting from the ongoing campaign.

Alperovitch first uncovered evidence of Shady RAT in early 2009. A McAfee client, a U.S. defense contractor, discovered malware on its network. However, until that point, no one had ever seen the type of malware being used in the attack. It is described as a spear-phishing e-mail containing a link to a Web page that, when clicked, automatically loads a remote-access tool, or RAT, on to infected computers.

The RAT escalates a user's privileges, which it then utilizes to extract sensitive data. McAfee has blocked its own clients from connecting to the server where the attacks were being launched. Only this March, however, did Alperovitch finally discover the logs stored on the attackers' servers, where the identities of those organizations affected were revealed.

McAfee identified government agencies in the United States, Taiwan, South Korea, Vietnam, and Canada, the Olympic committees in three countries, and the International Olympic Committee. Others included organizations in Japan, Switzerland, the United Kingdom, Indonesia, Denmark, Singapore, Hong Kong, Germany, and India. Those most affected were based in the US, while military contractors have been over-represented.

James A. Lewis, director and senior fellow of the Technology and Public Policy Program at the Center for Strategic and International Studies argues that China is responsible asking, "Who else spies on Taiwan?"

McAfee is said to be working closely with the US government aiming to shut down the command-and-control server where the attacks are currently being launched.

Already this year infamous hackers Lulzsec and Anonymous have already launched major attacks on a wide range of targets. Sony, perhaps, was the most publicized victim with the user data of over 77 million of its customers emerged. However, this new threat may have accessed much more sensitive information and continues to pose a threat. [via Vanity Fair]

By Electronista Staff
Post tools:




Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines


Most Popular


Recent Reviews

Dell AD211 Bluetooth speaker

For all of the high-priced, over-engineered Bluetooth speakers in the electronics market, there is still room for mass-market solution ...

VisionTek 128GB USB Pocket SSD

USB flash drives dealt the death blow to both the floppy and Zip drives. While still faster than either of the old removable media, sp ...

Kodak PixPro SL10 Smart Lens Camera

Smartphone imagery still widely varies. Large Megapixel counts don't make for a good image, and the optics in some devices are lacking ...



Most Commented


Popular News