Huge cyber-attack targets United Nations, defense contractors

More than 70 government organizations and corporations in 14 countries have been targeted in a cyber-attack identified by the security firm McAfee. 

The attack appears to have begun in 2006, and resulted in data theft from a wide range of organizations.

Operation Shady RAT (Remote Access Tool), as the attack has been dubbed, appears to have affected the United Nations, a Department of Energy lab and the International Olympic Committee as well as numerous local governments and defense contractors.

"Although Shady RAT’s scope and duration may shock those who have not been as intimately involved in the investigations into these targeted espionage operations as we have been, I would like to caution you that what I have described here has been one specific operation conducted by a single actor/group," said McAfee vice president of threat research Dmitri Alperovitch.

"This is a problem of massive scale that affects nearly every industry and sector of the economies of numerous countries, and the only organizations that are exempt from this threat are those that don’t have anything valuable or interesting worth stealing," he said.

Experts have suggested the attack may have been engineered by a foreign nation, with China appearing the most likely source. Many of the organizations targeted in the attack have already secured their systems, but portions of the data collection continue today.

Alperovitch said his firm was able to obtain a log of victims dating back to mid-2006 by accessing one of the servers used in the attack, though the snooping might have begun earlier. He said the actual attack was fairly standard: a spear-phishing email carrying a virus, sent to an employee with the right amount of access.

Once the employee opens the message, their machine will download the malware, which then opens a backdoor into the system, accessible from the outside servers. Soon after, live intruders will access the infected machine to expand its access and compromise other networked devices.