McAfee reveals sustained state-run hacking campaign

Hacking campaign run by 'state actor' hit 72 government and private sector organisations over five years

Operation Shady RAT targeted a range of commercial, government, defence and quasi-government organisations.
By Mark Sutton, published August 3, 2011

McAfee has unveiled evidence of a sustained series of hacks carried out by a single ‘state actor’ against a wide range of companies worldwide.

The attacks, which stretched over a span of five years, hit 72 organisations worldwide, including the governments of the US, Taiwan, India, South Korea, Vietnam and Canada; the Association of South-east Asian Nations, the International Olympic Committee, the World Anti-Doping Agency, and companies across a range of sectors. Thirteen companies in the ICT sector and thirteen defence contractors were targeted.

The series of hacks, dubbed ‘Operation Shady RAT’ (Remote Access Terminal) by McAfee, was uncovered as part of an investigation into security breaches at companies in the defence industry.

The attackers primarily used spear phishing attacks against individuals within targeted organisations, and once they had gained access, would then look for ‘competitive intelligence’ that could be used by rival companies or organisations, rather than financial data or logins.

The scope of the attacks was revealed by logs left by the hackers on a command-and-control server that orchestrated the attacks.

Dmitri Alperovitch, vice president of threat research at McAfee, commented: "Even we were surprised by the enormous diversity of the victim organisations and were taken aback by the audacity of the perpetrators."

While McAfee did not name any particular nation suspected of carrying out the attacks, many experts pointed to China as being one of the few nations capable of mounting such concerted attacks, and also to circumstantial evidence, such as the fact that the Asian and Western national Olympic Committees, the International Olympic Committee and the World Anti-Doping Agency were all hacked shortly before and after the 2008 Olympics, held in Beijing.
