McAfee Talks About Attack Dubbed Operation Shady RAT
Most of us follow all the hacking stories that have been surfacing over the last year or so and think that the rate of hacking is gone up dramatically. According to McAfee, it's not so much that attacks are increasing, it's just that the attacks are now being announced instead of hidden away. McAfee is also publishing a new report that it says is one of the most comprehensive analysis ever revealed of victim profiles from a five-year long targeted operation by a specific actor dubbed Operation Shady RAT.
McAfee says that most of the victims of the attack have long since fixed the vulnerabilities that allowed the attack. McAfee was able to gain access to one of the Command & Control servers that the intruders used in the attack and collected logs from the server that show the extent of the victim population since 2006. The attacks were apparently started by sending an email with a malware attachment to someone with access at the target company.
Once executed the malware would start communications with the attackers. The attackers would then access the network and start setting up camp and stealing data. Overall McAfee found that 72 organizations were targeted and infiltrated. There were 22 governments around the world infiltrated, six industry companies, 13 electronics firms, 13 defense contractors, four in the financial and real estate markets and 12 in sports and other nonprofit categories. Some of the organizations were only infiltrated for a month, while others were infiltrated, like the Government of South Korea, for well over two years. The report is an interesting read because it shows the attackers adapting and changing tactics over time.
[via McAfee]