Finding a RAT behind Cyber Attacks

Thursday, August 4, 2011 @ 12:08 PM gHale

Is it new or is it just garnering more attention these days? At any rate, over a 5-year period, there was a series of cyber attacks on the networks of 72 organizations globally, including the United Nations, governments and corporations.

The theory is that one “state actor” was behind the attacks, but McAfee, which found the network attacks, declined to name it.


The long list of victims in the extended campaign includes the governments of the United States, Taiwan, India, South Korea, Vietnam and Canada; the Association of Southeast Asian Nations (ASEAN); the International Olympic Committee (IOC); the World Anti-Doping Agency; and quite a few companies, from defense contractors to high-tech enterprises.

In the case of the United Nations, the hackers broke into the computer system of its secretariat in Geneva in 2008, hid there for nearly two years, and combed through reams of secret data, McAfee said.

“Even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators,” McAfee’s vice president of threat research, Dmitri Alperovitch, wrote in a 14-page report.

“What is happening to all this data … is still largely an open question. However, if even a fraction of it is used to build better competing products or beat a competitor at a key negotiation (due to having stolen the other team’s playbook), the loss represents a massive economic threat.”

McAfee learned of the extent of the hacking campaign in March this year, when researchers discovered logs of the attacks while reviewing the contents of a “command and control” server they had discovered in 2009 as part of an investigation into security breaches at defense companies.

It called the attacks “Operation Shady RAT” and said the earliest breaches date back to mid-2006, though there might have been other intrusions. (RAT stands for “remote access tool,” a type of software that hackers and security experts use to access computer networks from afar.)

Some of the attacks lasted just a month, but the longest — on the Olympic Committee of an unidentified Asian nation — went on and off for 28 months, McAfee said.

Alperovitch said McAfee informed all 72 victims of the attacks, which are under investigation by law enforcement agencies around the world.

McAfee, acquired by Intel Corp this year, would not comment on who or what was responsible.


