McAfee uncovers Operation Shady RAT global cyber espionage attack

McAfee has revealed research pointing to what could be the largest global co-ordinated cyber attack to date, spanning 14 countries and compromising a staggering 72 organisations including the United Nations, defence contractors and even Olympic committees over a five-year period.

Operation Shady RAT shares many similarities with the Operation Aurora and Night Dragon large-scale compromises also uncovered by researchers at the security firm, most notably in that Chinese hackers are again the prime suspects.

McAfee vice president of threat research Dmitri Alperovitch explained that the firm gained access to a command-and-control server used by the attackers and collected log details revealing all the victims since 2006 when the log began.

Alperovitch said that the attacks began with a standard malicious spear phishing email sent to someone with appropriate access rights in a company which, when opened on an unpatched system, would trigger a malware download.

"That malware will execute and initiate a backdoor communication channel to the command-and-control web server and interpret the instructions encoded in the hidden comments embedded in the web page code," he said.

"This will be quickly followed by live intruders jumping on to the infected machine and proceeding to quickly escalate privileges and move laterally within the organisation to establish new persistent footholds via additional compromised machines running implant malware, as well as targeting for quick exfiltration the key data they came for."

Alperovitch warned that the huge diversity of organisations not only highlights the attackers' audacity but shows that virtually any company could fall victim to such attacks.