McAfee uncovers monolithic targeted attack campaign

A huge targeted attack campaign, which lasted over five years and went after Governments as well as private businesses, has been reported by McAfee.

The security specialist said the attacks may have been state-sponsored, given that a number of non-profit bodies were targeted. These included the UN and the International Olympic Committee.

The security giant identified 72 of the compromised parties, but many more were hit in the Operation Shady RAT attacks.

One UK computer security company was compromised for six months, whilst a defence contractor in this country was infected for a year.

Of those 72, 22 were Government organisations, including 14 US Government bodies. Another 13 were defence contractors.

Two of the targeted firms were from the UK, compared to 49 from the US.

The campaign followed the typical targeted attack pattern, with spear phishing emails containing an exploit sent to workers within organisations.

"The exploit when opened on an unpatched system will trigger a download of the implant malware. That malware will execute and initiate a backdoor communication channel to the Command & Control web server and interpret the instructions encoded in the hidden comments embedded in the webpage code," said Dmitri Alperovitch, vice president for threat research at McAfee, in a blog post.

"This will be quickly followed by live intruders jumping on to the infected machine and proceeding to quickly escalate privileges and move laterally within the organisation to establish new persistent footholds via additional compromised machines running implant malware, as well as targeting for quick exfiltration the key data they came for."

A major US news organisation was compromised at its New York Headquarters and Hong Kong Bureau for more than 21 months, according to McAfee. The longest compromise hit the Olympic Committee of a nation in Asia, lasting 28 months.

"After painstaking analysis of the logs, even we were surprised by the enormous diversity of the victim organisations and were taken aback by the audacity of the perpetrators," Alperovitch said.

"Virtually everyone is falling prey to these intrusions, regardless of whether they are the United Nations, a multinational Fortune 100 company, a small non-profit think-tank, a national Olympic team, or even an unfortunate computer security firm."

The majority of organisations hit have cleaned their systems of infection from the Operation Shady RAT campaign.

Earlier this year, McAfee reported on another wide-scale cyber attack targeting critical infrastructure - Operation Night Dragon.

Tom Brewster
