United Nations, US Government, Defense Contractors All Hit in Massive Cyber Attack
Hackers penetrated the networks of the United Nations, technology companies and defense contractors, as well as United States and foreign government networks, as part of a massive five-year cyber-spying campaign, according to a stunning report by McAfee researchers.
In the campaign, dubbed "Operation Shady RAT," the attackers have penetrated 72 target networks since July 2006, McAfee disclosed on Aug. 3. Government agencies in the U.S., India, South Korea and Taiwan were attacked, as well as high-profile global organizations such as the International Olympic Committee, McAfee said. Companies in Canada, Denmark, Germany, Indonesia, Singapore, South Korea, and Vietnam were also affected.
Despite the scope and duration, McAfee researchers are confident Shady RAT was the work of "a single actor/group," Dmitri Alperovitch, McAfee's vice president of threat research, wrote in the report.
Hackers tunneled into security systems and in many cases managed to lurk in networks undiscovered for more than two years, according to McAfee. Data was stolen from U.S. military systems, satellite communications, electronics and natural gas companies. The researchers believed the pattern of attack against Olympics committees and companies from the U.S., Taiwan and South Korea indicated nation-state involvement.
Researchers gained access to a command-and-control server used by Shady RAT and accessed the logs to determine the scope of the campaign. The operation relied primarily on spear-phishing tactics to take control of the recipient's machine and then move through the network, the report said. Once the recipient fell for the phish, malware was downloaded to the machine to enable it to communicate with the C&C server. The infected system gave attackers the starting point to move elsewhere through the network and compromise other machines.
The goal didn't appear to be financial information or user names and passwords, but competitive intelligence that could be used by a government, McAfee said. In some cases, companies later detected the advanced persistent threat and blocked the attack but were unaware of the extent of the damage already caused.
McAfee did not name the compromised agencies, but said four U.S. government agencies, 12 U.S. defense contractors, and four U.S. state and county governments in California and Nevada were among the victims. Other targets included a media company, think tanks, nonprofits, and electronics and solar power companies.
For more, read the eWeek article Massive Five-Year Cyber-Attack Hit U.N., U.S. Government Defense Contractors.