McAfee reveals massive, five-year-long cyber attack

August 3, 2011, 6:00 PM

McAfee issued a report today detailing what is at minimum a five-year, sustained, global hacking campaign launched against more than 72 high-value targets. Known as "Operation: Shady RAT", the long-term cyber intrusions are said to have involved classified government networks, public agencies, multi-national companies and even, ironically, computer security firms.

McAfee refrains from being too specific about the victims, but it does identify a handful of targets, including the Department of Energy, the United Nations and the World Anti-Doping Agency in Canada. Overall, 72 identifiable entities were infiltrated, although many other unidentified targets remain. More specifically, 22 government agencies were compromised in addition to six industrial companies, 13 technology companies, 13 defense contractors, six financial firms and 12 organizations.

"McAfee has gained access to one specific Command & Control server used by the intruders. We have collected logs that reveal the full extent of the victim population since mid-2006 when the log collection began. Note that the actual intrusion activity may have begun well before that time but that is the earliest evidence we have for the start of the compromises. The compromises themselves were standard procedure for these types of targeted intrusions: a spear-phishing email containing an exploit is sent to an individual with the right level of access at the company, and the exploit when opened on an unpatched system will trigger a download of the implant malware."

"... After painstaking analysis of the logs, even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators. Although we will refrain from explicitly identifying most of the victims, describing only their general industry, we feel that naming names is warranted in certain cases, not with the goal of attracting attention to a specific victim organization, but to reinforce the fact that virtually everyone is falling prey to these intrusions, regardless of whether they are the United Nations, a multinational Fortune 100 company, a small non-profit think-tank, a national Olympic team, or even an unfortunate computer security firm."

Source: Dmitri Alperovitch, VP of Threat Research at McAfee

The report includes illuminating details regarding the duration of the intrusions and the geographical location of the victims, many of which were compromised for several months or more. A handful of those organizations were victimized for less than one month; for one Asian Olympic committee, however, the infiltration lasted for more than two years.

Over the span of five years, the barrage of intrusions is said to have transferred over a petabyte of data. Alperovitch suggests that such a wealth of information likely includes company trade secrets and classified information, which unscrupulous competitors or organizations may be using to their advantage. However, the author then goes on to hypothesize that the perpetrators may not have been motivated solely by profit, given the broad diversity of targets and the inclusion of non-profit organizations.

Alperovitch said he was also intrigued by the idea of comparing the dates of intrusions against geo-political events. Based on the available puzzle pieces, some reports have already speculated that individuals in China may indeed be the culprits.




User Comments: 19

Guest said:

McAfee is a piss poor AV. How are they experts on cyber security?

Emin3nce said:

Was probably China :3

Archean, TechSpot Paladin, said:

Or India?

HiDDeNMisT said:

I'd rather use Norton than McAfee, and I hate Norton.

Guest said:

You really should avoid both and use Avast Antivirus as it is Certified, Award winning and free. I've used it for close to 10 years and it is outstanding and no I do not sell or work for them :)

Lokalaskurar said:

emin3nce said:

Was probably China :3

Well, my first guess was that this was in fact a bot network hacker; the targets seem too distant to each other, their respective goals are almost unique. Although, when you think about it - China is not on the map of victims

Mindwraith said:

49 targets in the US and none in China?

not hard to crack that code..

Leeky said:

I have to say I agree that McAfee are hardly the best reporters of this information, their products are sub-par at best.

Well, my first guess was that this was in fact a bot network hacker; the targets seem too distant to each other, their respective goals are almost unique. Although, when you think about it - China is not on the map of victims

It may not be, but China is hardly forthcoming with admitting they have been, and they like to cloud everything in secrecy as well.

Guest said:

The point of the post is that there are some sub-human rejects who care very little about YOU. They care about only one thing -- trying to instill fear in the 7 billion of us living here.

The so-called "hackers" who frequent sites like this are NOT hackers. They are a bunch of adolescents -- which is not to imply that most of you are like them. I am convinced that the majority of people who post here are hard-working adults who care a lot about our culture.

NO one should EVER try to control you. This is what the REAL hackers want -- they want to control you and me. And we need to stop them at almost any cost. The corporate jerkwads are as bad as the hackers, to be sure -- but we must not focus on them to the exclusion of the VERY bad cats who are trying to access power grids and nuclear facilities.

The point is that we CAN use laws to fight corporations. We cannot do the same to fight people who don't believe in laws at all. Just think about what it means to live in a world in which nobody can feel safe -- which is NOT the world in which we live right now. Our world is imperfect -- but it is WAY better than it would be if the hackers win.

Guest said:

Actually people who have been using Microsoft have been infected for a long time by a virus called Windows.

tw0rld said:

Guest said:

Actually people who have been using Microsoft have been infected for a long time by a virus called Windows.

Oh no...here we go.

Lionvibez said:

tw0rld said:

Guest said:

Actually people who have been using Microsoft have been infected for a long time by a virus called Windows.

Oh no...here we go.

Posts from guests are the same as posts from YouTube comments; nobody takes them seriously.

Guest said:

WHO CARES.... hacking into these EVIL companies is OK!!!! they are lying to the public about 9-11, cancer, HIV, and many other things. The Public deserves to know these secrets (WIKI LEAKS), etc...

I am glad!

Leeky said:

WHO CARES.... hacking into these EVIL companies is OK!!!!

Is the UN for example, really evil?

Lokalaskurar said:

Leeky said:

It may not be, but China is hardly forthcoming with admitting they have been, and they like to cloud everything in secrecy as well.

Ey Leeky, I was just about to write that in a comment... It's my later realization written in its exact text... Oh, how I wish that wouldn't be true -- slash/sad face.

As for the 'hacking ethics' - I don't think a national Olympic team really qualifies as 'EVIL'...

Leeky said:

I don't think a national Olympic team really qualifies as 'EVIL'...

Depends if they're winning and your country isn't!

P.S. Great minds think alike!

jess3088 said:

I have on more than one occasion been asked to leave class because I stood up during a lesson and said some pretty nasty things at my little school netbook that runs McAfee. I have some things that I just don't think the two of us will ever settle on.

(Ya I talk to computers)

Guest said:

"even an unfortunate computer security firm".......

Wonder who that could have been? Maybe......"Computer security firm McAfee" ?

Wouldn't surprise me (Can't believe none of ya picked that up!)

caravel said:

McAfee are pedlars in shitware... they report on these types of incidents just to keep their "prestige" up and to keep the average person in a state of fear, uncertainty and doubt and of course - continuously buying their products. Anyone with even the smallest grain of common sense would realise that none of McAfee's products have any relevance to the subject matter.
