McAfee uncovers monolithic targeted attack campaign

McAfee uncovers monolithic targeted attack campaign

Operation Shady RAT targeted more than 72 organisations, including the UN and the International Olympic Committee.

A huge targeted attack campaign, which lasted over five years and went after Governments as well as private businesses, has been reported by McAfee.

The security specialist said the attacks may have been state-sponsored due to a number of non-profit bodies being targeted. These included the UN and the International Olympic Committee.

The security giant identified 72 of the compromised parties, but many more were hit in the Operation Shady RAT attacks.

Of those 72, 22 were Government organisations, including 14 US Government bodies. Another 13 were defence contractors.

Two of the targeted firms were from the UK, compared to 49 from the US.

One UK computer security company was compromised for six months, whilst a defence contractor in this country was infected for a year.

The attacks were typical targeted attacks, with spear phishing emails containing an exploit sent to workers within organisations.

“The exploit when opened on an unpatched system will trigger a download of the implant malware. That malware will execute and initiate a backdoor communication channel to the Command & Control web server and interpret the instructions encoded in the hidden comments embedded in the webpage code,” said Dmitri Alperovitch, vice president for threat research at McAfee, in a blog post.

“This will be quickly followed by live intruders jumping on to the infected machine and proceeding to quickly escalate privileges and move laterally within the organisation to establish new persistent footholds via additional compromised machines running implant malware, as well as targeting for quick exfiltration the key data they came for.”

A major US news organisation was compromised at its New York Headquarters and Hong Kong Bureau for more than 21 months, according to McAfee. The longest compromise hit the Olympic Committee of a nation in Asia, lasting 28 months.

“After painstaking analysis of the logs, even we were surprised by the enormous diversity of the victim organisations and were taken aback by the audacity of the perpetrators,” Alperovitch said.

“Virtually everyone is falling prey to these intrusions, regardless of whether they are the United Nations, a multinational Fortune 100 company, a small non-profit think-tank, a national Olympic team, or even an unfortunate computer security firm.”

The majority of organisations hit have cleaned their systems of infection from the Operation Shady RAT campaign.

Earlier this year, McAfee reported on another wide-scale cyber attack targeting critical infrastructure - Operation Night Dragon.

This article originally appeared at itpro.co.uk

Source: Copyright © ITPro, Dennis Publishing

See more about:  mcafee  |  uncovers  |  monolithic  |  targeted  |  attack  |  campaign  |  securitysoftware
 
 

Readers of this article also read...

Raspberry Pi: the $40 PC arrives 

Raspberry Pi: the $40 PC arrives

 
Wolfenstein 3D celebrates 20th anniverary with free game 

Wolfenstein 3D celebrates 20th anniverary with free game

 
Viral of the Week: VW Hover Car 

Viral of the Week: VW Hover Car

 
Google 'self-drive' cars get Nevada road-legal licence 

Google 'self-drive' cars get Nevada road-legal licence

 
In pictures: Post mortem of exploding iPhone 4S 

In pictures: Post mortem of exploding iPhone 4S

 

Latest Comments

Latest Poll

What PC component are you planning to upgrade in the next six months










Ads by Google

From our Partners

PC & Tech Authority Downloads