Operation Shady RAT active since 2006

McAfee released on Tuesday it’s findings for a several year exploitation of international machines dubbed “Operation Shady  RAT“:

What we have witnessed over the past five to six years has been nothing short of a historically unprecedented transfer of wealth — closely guarded national secrets (including from classified government networks), source code, bug databases, email archives, negotiation plans and exploration details for new oil and gas field auctions, document stores, legal contracts, SCADA configurations, design schematics and much more has “fallen off the truck” of numerous, mostly Western companies and disappeared in the ever-growing electronic archives of dogged adversaries.

McAfee gained access to a Command and Control server used in the exploits and as they analyzed the logs, the findings were stunning. At least 72 parties making up 32 unique organizations in over 14 worldwide locations were compromised. Data, reaching Petrabytes in size have been leeched from corporations, defense contractors and government systems alike. Several of the systems were compromised for over 20 months.

Many experts are pointing at China as the source of the attacks. But it is interesting to see what the original targets were in 2006:

In 2006, the year that the logs begin, we saw only eight intrusions: two on South Korean steel and construction companies, and one each on a South Korean Government agency, a Department of Energy Research Laboratory, a U.S. real-estate firm, international trade organizations of an Asian and Western nations and the ASEAN Secretariat.

Three of the very first attacks were against South Korea. One would have to at least ponder if North Korea is involved.

McAfee states that the attacks used were not new, and its virus protection software has protected against it for several years.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.