Shady RAT Gnaws into 70+ Organizations During Past 5 Years
Massive transfer of intellectual property called "unprecedented"
Hmm, where does this fit on the IEEE Spectrum hacking matrix, and how close does it come to being an organized, state sponsored cyber attack that warrants a retaliatory response?
According to numerous stories in the news media like this one in today's Washington Post, the security firm McAfee has identified "a five year targeted operation by one specific actor" against at least 72 organizations around the world.
The hacking operation, which McAfee calls Operation Shady RAT (for remote access tool), is likely to have stolen petabytes of information from US Federal, state and county government organizations; the Canadian, Indian, Vietnamese, South Korean and Taiwanese governments; the United Nations; 14 international defense contractors; financial and insurance companies; high tech and news media companies; economic trade organizations; think tanks and even the International Olympic Committee, among others. Some 49 out of the 72 organizations compromised were in the US.
Dmitri Alperovitch, McAfee’s vice president of threat research, called the hacking, which he pointed out was only one incident among many,
"... a massive transfer of wealth in the form of intellectual property that is unprecedented in history."
None of the organizations on McAfee's list were from China, which is suspected as being behind the intrusions. A spokesperson at the Chinese Embassy in Washington DC this evening denies that the Chinese government was involved, this Bloomberg News story notes.
I doubt, however, much will come of the McAfee report other than yet another warning to companies, nonprofits, governmental organizations, and so forth to beef up their IT security. Just like after McAfee's Operation Aurora report.
You can read the full McAfee Shady RAT report here (PDF).
Robert N. Charette is a Contributing Editor to IEEE Spectrum and an acknowledged international authority on information technology and systems risk management. A self-described “risk ecologist,” he is interested in the intersections of business, political, technological, and societal risks. Charette is an award-winning author of multiple books and numerous articles on the subjects of risk management, project and program management, innovation, and entrepreneurship. A Life Senior Member of the IEEE, Charette was a recipient of the IEEE Computer Society’s Golden Core Award in 2008.