Biggest hacking campaign ever discovered – Operation Shady RAT

3 Aug 2011

The biggest hacking campaign ever has been uncovered, having breached the computer networks of 72 organisations worldwide, including governments, the UN and defence contractors.

The campaign, known as “Operation Shady RAT”, with RAT standing for “remote access tool”, was discovered by security firm McAfee.

McAfee found a command and control server in 2009 which managed the campaign. Logs uncovered in March 2011 revealed the attacks.

The attackers behind Operation Shady RAT sent spear-phishing emails carrying malicious software to individuals at each organisation. When a recipient clicked on the link in the email, the intruders gained access to that machine and used it to infiltrate the computer network.

The breaches date back to mid-2006, though they could have started earlier, with attacks ranging from one month in duration to 28 months.

Operation Shady RAT infiltrated the governments of Canada, India, South Korea, Taiwan, the US and Vietnam. It breached the UN, the Association of Southeast Asian Nations, the International Olympic Committee and the World Anti-Doping Agency.

Along with these, Operation Shady RAT infiltrated 13 defence contractors – 12 from the US and one from the UK – and companies from numerous sectors, including construction, technology, the media and solar power. Specific victims were not identified.

A military, diplomatic and economic advantage

McAfee vice-president of threat research Dmitri Alperovitch believes the attacker was after sensitive data to give them a “military, diplomatic and economic advantage”, such as negotiation documents, electronics schematics and email archives.

“This is the biggest transfer of wealth in terms of intellectual property in history,” Alperovitch said.

“The scale at which this is occurring is really, really frightening. Companies and government agencies are getting raped and pillaged every day. They are losing economic advantage and national secrets to unscrupulous competitors,” he said.

He believes the attacker was a nation state, but did not identify which one. Jim Lewis, a cyber attacks expert with the Centre for Strategic and International Studies who was briefed by McAfee, told Reuters he thinks it could be China, considering how Taiwan and the International Olympic Committee were affected.