Operation Shady RAT

Neil Waghorn

Internet security giant McAfee announced findings yesterday that a single state actor was responsible for gaining access to 72 networks over the last 5 years. Its investigation, dubbed ‘Shady RAT’ (Remote Access Tool), found that the state responsible, which McAfee does not identify, gained access to the networks through spear-phishing emails that install malware, which in turn opens the network up to outside access.

The scale and scope of targets is impressive, ranging from the International Olympic Committee (IOC), the United Nations and the World Anti-Doping Agency to Vietnam’s government-owned technology, US federal government agencies and various defence companies and industries. These infiltrations were not just against the West: although the majority (49) were against America, a wide range of Asian countries were also targeted, including Indonesia, Vietnam, Taiwan, Japan, South Korea and Hong Kong.

There has been widespread speculation in the media that China was responsible for these infiltrations, citing previous Chinese actions. The fact that petabytes of data have apparently been taken from various industries across the globe ties in with Admiral Lord West’s warnings over China in a recent DefenceIQ interview.

Dmitri Alperovitch, Vice President of Threat Research at McAfee, warns that the number of infiltrations was higher, but that they could not identify all of the victims. In a chilling warning regarding cyber security, he divides ‘the entire set of Fortune Global 2000 firms into two categories: those that know they’ve been compromised and those that don’t yet know.’

For more information on Operation Shady RAT, visit McAfee’s blog.