London – United States government agencies, the United Nations, defense contractors and Olympic bodies were all targeted by a single intruder in an “unprecedented” campaign of cyberspying, says a new report by a computer-security firm.
The operation, which targeted agencies and groups in 14 countries, bore the hallmarks of state-sponsored espionage, according to the report by security company McAfee. However, other cybersecurity experts downplayed the report’s findings.
McAfee said the attacks, which it called Operation Shady RAT, allowed hackers potentially to gain access to military and industrial secrets from 72 targets, most of them in the United States, over a five-year period.
McAfee did not name all the targets but said the sheer scope of victims, including 14 US government bodies; the governments of Canada, India, South Korea and Taiwan; defence contractors; the International Olympic Committee; and even a cybersecurity company, indicated no one is safe.
Dmitri Alperovitch, McAfee’s vice president of threat research, said attacks on political nonprofit groups indicated a “state actor” could be behind the operation. He declined to name a specific country, but media reports have pointed a finger at China.
Others have cast doubt on Alperovitch’s claim, saying the report sheds no new light on the world of cybersecurity and makes sweeping assumptions about the impact of the hacking operations.
In his 14-page report on McAfee’s findings, Alperovitch asserted that Operation Shady RAT may have cost its victims billions in terms of lost revenues and stolen secrets.
“What we have witnessed over the past five to six years has been nothing short of a historically unprecedented transfer of wealth,” he said.
“Close guarded national secrets, source code, bug databases, email archives, negotiation plans . . . and much more has fallen off the truck of numerous, mostly Western companies and disappeared in the ever-growing electronic archives of dogged adversaries.”
He said the hackers used sophisticated “spear phishing” techniques, targeting individuals within organizations with high-security clearance and harvesting their details and passwords to gain a foothold inside computer networks.
Once inside, they installed so-called remote access tools – the RATs – that give Shady RAT its name – to infiltrate more computers and steal data.
McAfee said it discovered the breaches in March after gaining access to a “command and control” computer server that contained hacking records. These dated to 2006, but McAfee said activity probably went back even further.
“After painstaking analysis of the logs, even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators,” Alperovitch said.
He added the range of victims suggests “virtually everyone is falling prey to these intrusions, regardless of whether they are the United Nations, a multinational Fortune 100 company, a small nonprofit think tank, a national Olympic team or even an unfortunate computer security firm.” (CNN)
