Operation Shady RAT hacking campaign stealing data worldwide

updated 09:10 am EDT, Wed August 3, 2011

McAfee uncovers serious global security threat

Hacking attacks around the globe have reached a new level with news that an unknown group has silently waged a hacking campaign over the past five years. Dmitri Alperovitch, vice president of threat research at McAfee, has dubbed the high-level hacking campaign Operation Shady RAT. Alperovitch says around 70 public and private sector organizations around the globe have been victims of data theft resulting from the ongoing campaign.

Alperovitch first uncovered evidence of Shady RAT in early 2009, when a McAfee client, a U.S. defense contractor, discovered malware on its network. Until that point, no one had ever seen the type of malware being used in the attack. It is described as a spear-phishing e-mail containing a link to a Web page that, when clicked, automatically loads a remote-access tool, or RAT, onto infected computers.

The RAT escalates a user's privileges, which it then uses to extract sensitive data. McAfee has blocked its own clients from connecting to the server where the attacks were being launched. Only this March, however, did Alperovitch finally discover the logs stored on the attackers' servers, which revealed the identities of the affected organizations.

McAfee identified government agencies in the United States, Taiwan, South Korea, Vietnam, and Canada, the Olympic committees in three countries, and the International Olympic Committee. Others included organizations in Japan, Switzerland, the United Kingdom, Indonesia, Denmark, Singapore, Hong Kong, Germany, and India. Those most affected were based in the US, while military contractors have been over-represented.

James A. Lewis, director and senior fellow of the Technology and Public Policy Program at the Center for Strategic and International Studies, argues that China is responsible, asking, "Who else spies on Taiwan?"

McAfee is said to be working closely with the US government, aiming to shut down the command-and-control server from which the attacks are currently being launched.

This year, infamous hackers LulzSec and Anonymous have already launched major attacks on a wide range of targets. Sony was perhaps the most publicized victim, with the user data of over 77 million of its customers emerging. However, this new threat may have accessed much more sensitive information and continues to pose a threat. [via Vanity Fair]

By Electronista Staff