The targeted organizations included the US, Canadian, Vietnamese, and Taiwanese governments, the International Olympic Committee, companies from a broad range of industries, and a US national security nonprofit organization. McAfee has dubbed the campaign Operation Shady RAT (remote access control).
The perpetrators stole national security secrets, source code, bug databases, confidential email archives, negotiation plans, document stores, legal contracts, industrial control configurations, design schematics and a lot of other proprietary information, McAfee noted.
“This is not a new attack”, explained McAfee researcher Dmitri Alperovitch in a blog. “The vast majority of the victims have long since remediated these specific infections (although whether most realized the seriousness of the intrusion or simply cleaned up the infected machine without further analysis into the data loss is an open question).”
To conduct the research, McAfee gained access to a command and control server used by the perpetrators of Operation Shady RAT. "After painstaking analysis of the logs, even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators”, Alperovitch said.
The McAfee researcher concluded on an ominous note: “We know of many other successful targeted intrusions (not counting cybercrime-related ones) that we are called in to investigate almost weekly, which impact other companies and industries. This is a problem of massive scale that affects nearly every industry and sector of the economies of numerous countries, and the only organizations that are exempt from this threat are those that don’t have anything valuable or interesting worth stealing.”