A widespread cyber-espionage campaign stole government secrets, sensitive corporate documents, and other intellectual property for five years from more than 70 public and private organizations in 14 countries, according to the McAfee researcher who uncovered the effort. The campaign, dubbed "Operation Shady RAT" (RAT stands for "remote access tool"), was discovered by Dmitri Alperovitch, vice president of threat research at the cyber-security firm McAfee.
While most of the targets have removed the malware, the operation continues, according to McAfee, which gained access to a crucial command-and-control server used by the attackers and has been monitoring the logs since 2006. Alperovitch has briefed senior White House officials, government agencies, and congressional staff and is working with U.S. law enforcement to shut down the operation's command-and-control server, according to Vanity Fair.
Typically, a target would get compromised when an employee with necessary access to information received a targeted spear-phishing e-mail containing an exploit that would trigger a download of the implant malware when opened on an unpatched system. The malware would execute and initiate a backdoor communication channe
http://blogs.mcafee.com/mcafee-labs/revealed-operation-shady-rat
For more on this story, read Global cyber-espionage operation uncovered on CNET News.