Operation Shady RAT

Score another big one for the good guys!  Even if they are a little late to the scene to save the maiden or slay the dragon…  I guess we have to score a whole bunch for the bad guys too, since they ran this scam successfully for so long…

Security vendor McAfee published a report on Tuesday about a hacking group that managed to penetrate 72 global companies, governments and non-profit organizations in 14 countries since 2006.  This massive operation stole national secrets, business plans and other sensitive information.  McAfee discovered the intrusions after gaining access to a command-and-control server that collected data from the compromised computers.  Over the past 5 to 6 years there has been a “historically unprecedented transfer of wealth” due to the operation McAfee has named “Shady RAT”.

The attackers gained access to computers by sending targeted e-mails to individuals within the organizations containing an exploit that downloads malicious software, which then communicates with the command-and-control server to exfiltrate data and further infect their networks.  The data stolen consists of everything from classified information on government networks, source code, e-mail archives, exploration details for new oil and gas field auctions, legal contracts, SCADA (supervisory control and data acquisition) configurations, design schematics and more.  They were not too selective regarding the data that they gathered.  McAfee declined to name all of the organizations affected, but did name the International Olympic Committee (IOC), the World Anti-Doping Agency, the United Nations and the ASEAN (Association of Southeast Asian Nations) Secretariat.  Those organizations are of little economic interest to ordinary hackers, which adds to the speculation of nation-state involvement.

In 2006, eight organizations were attacked, but by 2007 that number increased to 29, according to the report.  The number of victimized organizations peaked at 38 in 2009.  The duration of the compromises ranged from less than a month to more than two years in the case of an attack on an Asian Olympic committee.

So, should the average business, large, medium or small sized, be worrying about malware and the APT threat?  Oh, only if secrets, business plans and sensitive information matter to you; if they do, you bet your assets!  This cruft is going mainstream, this type of code is available, and it is coming soon to a PC near you.