Operation Shady RAT active since 2006
McAfee released on Tuesday it’s findings for a several year exploitation of international machines dubbed “Operation Shady RAT“:
What we have witnessed over the past five to six years has been nothing short of a historically unprecedented transfer of wealth — closely guarded national secrets (including from classified government networks), source code, bug databases, email archives, negotiation plans and exploration details for new oil and gas field auctions, document stores, legal contracts, SCADA configurations, design schematics and much more has “fallen off the truck” of numerous, mostly Western companies and disappeared in the ever-growing electronic archives of dogged adversaries.
McAfee gained access to a Command and Control server used in the exploits and as they analyzed the logs, the findings were stunning. At least 72 parties making up 32 unique organizations in over 14 worldwide locations were compromised. Data, reaching Petrabytes in size have been leeched from corporations, defense contractors and government systems alike. Several of the systems were compromised for over 20 months.
Many experts are pointing at China as the source of the attacks. But it is interesting to see what the original targets were in 2006:
In 2006, the year that the logs begin, we saw only eight intrusions: two on South Korean steel and construction companies, and one each on a South Korean Government agency, a Department of Energy Research Laboratory, a U.S. real-estate firm, international trade organizations of an Asian and Western nations and the ASEAN Secretariat.
Three of the very first attacks were against South Korea. One would have to at least ponder if North Korea is involved.
McAfee states that the attacks used were not new, and its virus protection software has protected against it for several years.