
8/17/2011 McAfee reveals massive, long-term international cyber attacks


It’s worrying enough to read about security breaches that affect the consumer services many of us use online, such as those against Sony, Gawker, PBS, and a host of others earlier this year. What McAfee has revealed today goes way beyond worrying. The company’s revelations about a series of coordinated, sustained attacks against thousands of the world’s biggest companies and government agencies — dubbed Operation Shady RAT — are simply terrifying.

According to VP of Threat Research Dmitri Alperovitch, someone, somewhere has been waging a spear phishing campaign on a massive international scale since mid-2006. Alperovitch believes that attacks have been launched against nearly every Fortune Global 2000 firm, which he groups into two categories: those who know they’ve been compromised and those who don’t.

The attacks utilized carefully crafted malicious documents that installed a backdoor once opened on a vulnerable system (hence the RAT, which stands for Remote Access Tool). Once the door was opened, attackers went to work harvesting sensitive data from (and planting additional malware on) networked systems. While many of the attacks were comparatively brief (lasting only a month or two), others were sustained over longer periods — as long as 28 months.

By gaining access to a single command and control server, McAfee researchers were able to analyze log files that shed light on the attacks — which date back as far as 2006. U.S. federal, state, and county governments have also been targeted, as have the governments of Canada, Taiwan, Vietnam, India, and South Korea, and even NATO itself. Of the 72 entities that could be positively identified, 13 were defense contractors. McAfee believes that petabytes of information have been stolen over the years, containing everything from email archives to classified documents about oil exploration, weapons systems, application source code, and contracts.

Alperovitch also notes that a handful of attacks underscore suspicions that Operation Shady RAT is being coordinated by a foreign state: those against the International Olympic Committee, the Asian and Western Olympic Committees, and the World Anti-Doping Agency. These intrusions took place shortly before and after the 2008 Olympic Games in Beijing — and while Alperovitch is careful to not name names, China has had more than one accusatory finger pointed at it in the past.

If information and access are the ammunition of choice for the next major war, someone is gathering a massive stockpile and the consequences could be dire. The data harvested during the half-decade-plus that Shady RAT has been ongoing could be used to defeat business competitors — or even entire nations — economically.


@Atulplayer