A single quote says just about everything about the sheer scale of this recently-discovered global hack:
“In fact, I divide the entire set of Fortune Global 2000 firms into two categories: those that know they’ve been compromised and those that don’t yet know.”
The cyberattack, dubbed Operation Shady RAT (Remote Access Tool), affected no less than 70 organizations, public and private, across 14 countries. The United Nations, defense contractors, the US Department of Energy, businesses and “every company in every conceivable industry with significant size and valuable intellectual property and trade secrets.”
The list of countries affected includes the United States and several Southeast Asian nations. But the targets notably do not include China, suggesting to many that the perpetrator of this massive hack was the Chinese government. In addition to the scale of the attack and list of targeted countries, The Register also notes that one target in particular points the way:
“The interest in the information held at the Asian and Western national Olympic Committees, as well as the International Olympic Committee (IOC) and the World Anti-Doping Agency in the lead-up and immediate follow-up to the 2008 Olympics was particularly intriguing and potentially pointed a finger at a state actor behind the intrusions, because there is likely no commercial benefit to be earned from such hacks,” writes Mitri Alperovitch, McAfee’s VP of threat research.
Researchers at McAfee have managed to gain control of one of the Command and Control servers, but says more are out there. Therefore, it is probably too soon to say for sure what the complete list of affected companies and organizations is.
This malware-fueled global breach may go down as the largest transfer of intellectual property in the history of the Internet. It differs from the relatively automated attacks carried out by #Anonymous and #LulzSec because once computers were compromised with malware, they would then be controlled by a human operator who continued to widen the permissions of the affected machine to access even more sensitive data.
The attack is not over, either. And experts already measure the loss of data in petabytes.
- Biggest-ever series of cyber attacks uncovered, UN hit – MSNBC.com
- Report on ‘Operation Shady RAT’ identifies widespread cyber-spying
- Security Firm Says It Found Global Cyber Spying – NYTimes.com
- Global cyber-espionage operation uncovered | InSecurity Complex – CNET News
- State-sponsored 5-year global cyberattack uncovered • The Register