Shady RAT Gnaws into 70+ Organizations During Past 5 Years

Massive transfer of intellectual property called "unprecedented"

Advertisement

Hmm, where does this fit on the IEEE Spectrum hacking matrix, and how close does it come to being an organized, state sponsored cyber attack that warrants a retaliatory response?

According to numerous stories in the news media like this one in today's Washington Post, the security firm McAfee has identified "a five year targeted operation by one specific actor" against at least 72 organizations around the world.

The hacking operation, which McAfee calls Operation Shady RAT (for remote access tool), is likely to have stolen petabytes of information from US Federal, state and county government organizations; the Canadian, Indian, Vietnamese, South Korean and Taiwanese governments; the United Nations; 14 international defense contractors; financial and insurance companies; high tech and news media companies; economic trade organizations; think tanks and even the International Olympic Committee, among others. Some 49 out of the 72 organizations compromised were in the US.

Dmitri Alperovitch, McAfee’s vice president of threat research, called the hacking, which he pointed out was only one incident among many,

"... a massive transfer of wealth in the form of intellectual property that is unprecedented in history."

None of the organizations on McAfee's list were from China, which is suspected as being behind the intrusions. A spokesperson at the Chinese Embassy in Washington DC this evening denies that the Chinese government was involved, this Bloomberg News story notes.

I doubt, however, much will come of the McAfee report other than yet another warning to companies, nonprofits, governmental organizations, and so forth to beef up their IT security. Just like after McAfee's Operation Aurora report.

You can read the full McAfee Shady RAT report here (PDF).

The Computing Technology Newsletter

Biweekly newsletter about advances in hardware, software and systems.

About the Risk Factor blog

IEEE Spectrum’s risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.