Operation Shady RAT

By: Absolute Team | 8/5/2011

McAfee has just released a report on Operation Shady RAT, a term they've coined for "the most comprehensive analysis ever revealed of victim profiles from a five-year targeted operation by one specific actor." Essentially, the report looks to the known attacks made by one hacker, who has attacked more than 70 organizations around the world since 2006. McAfee speculates that it's quite likely the rest of the Fortune Global 2000 firms simply don't know they're victims yet.

"I am convinced that every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised (or will be shortly), with the great majority of the victims rarely discovering the intrusion or its impact." - Dmitri Alperovitch, McAfee's vice president of threat research

In this case, the hacker will focus on a specific company with an Advanced Persistent Threat (APT). The success of the hack may be as motivating as the data retrieved. Unlike most cybercrime, we don't yet know if there is a fallout yet to come. Where is all the data that has been taken? Is it being sold? Is it being used to make competing products (intellectual property)?

Very few of these intrusions will be made public, particularly if the targeted information was intellectual property. McAfee was able to gain access to one of the servers used by the intruders, and their analysis of the information and its implications for businesses is here.

Financial Services