Major cyber-espionage operation exposed

Summary: "Operation Shady RAT" stole government secrets, sensitive corporate documents, and other intellectual property for five years from more than 70 public and private organizations in 14 countries.

A widespread cyber-espionage campaign stole government secrets, sensitive corporate documents, and other intellectual property for five years from more than 70 public and private organizations in 14 countries, according to the McAfee researcher who uncovered the effort. The campaign, dubbed "Operation Shady RAT" (RAT stands for "remote access tool"), was discovered by Dmitri Alperovitch, vice president of threat research at the cyber-security firm McAfee.

While most of the targets have removed the malware, the operation continues, according to McAfee, which gained access to a crucial command-and-control server used by the attackers and has been monitoring the logs since 2006. Alperovitch has briefed senior White House officials, government agencies, and congressional staff and is working with U.S. law enforcement to shut down the operation's command-and-control server, according to Vanity Fair.

Typically, a target would get compromised when an employee with necessary access to information received a targeted spear-phishing e-mail containing an exploit that would trigger a download of the implant malware when opened on an unpatched system. The malware would execute and initiate a backdoor communication channe http://blogs.mcafee.com/mcafee-labs/revealed-operation-shady-rat

For more on this story, read Global cyber-espionage operation uncovered on CNET News.


Talkback

6 comments
  • RE: Major cyber-espionage operation exposed

    "... according to McAfee, which gained access to a crucial command-and-control server used by the attackers ..."

    So who was spying on who here?
    Scrabbler
  • RE: Major cyber-espionage operation exposed

    The article says "unpatched systems" were compromised. How long was the exploit patched before the attacks occurred? It's hard to believe that defense contractors and government officials work on computers missing updates.
    Admin71
    • RE: Major cyber-espionage operation exposed

      @Bookmark71 It only takes one unpatched system. The key element here is not "unpatched systems" (although every computer in a network should obviously be patched) but rather a determined attacker. If someone is determined and smart enough they will *always* find a way in. IMHO what is lacking is a quick intrusion detection/response time. At my company many of our response systems are automated to (at least) block detected malicious computers, and usually alert an admin who can look at what is going on and respond appropriately. The real killer in this article are the companies that don't know they have been compromised. That is poor security on their part, and can equate to a Coup de grace for any company.
      msoeguy
  • McAfee marketing

    "Operation Shady RAT", nice marketing name. "operation's command-and-control server"... rename the botnet server with a more military sounding name.

    "cyber-espionage campaign stole government secrets, sensitive corporate documents, and other intellectual property for five years from more than 70 public and private organizations in 14 countries"

    Welcome to the Internet, all your servers are attacked all the time to get everything from them that might be worth selling.

    "targeted spear-phishing e-mail containing an exploit that would trigger a download of the implant malware when opened on an unpatched system."

    Blinding them with buzz-words. Yes McAfee, we get it, you want military money to compensate for a diminishing anti-virus market. Windows 7 is far better at basic security and so the anti-virus market just isn't what it was.
    So an irritating little botnet attempt that you've simply watched for 5 years and done nothing, suddenly becomes a cyber-threat, with a "command and control" center... blah blah blah.

    Go away you scaremongering little creeps and make a new product instead of trying to exaggerate threats to keep an old product alive.
    guihombre