WDDinc Web Security Blog

Insight from the leader in secure application development

The Shady Rat Attack


I kid you not – today’s blog entry is about Operation Shady RAT, yet another great name for a cyber attack. Not since my teenage obsession with professional wrestling (I have long since moved on to less embarrassing obsessions) have I been so amused by the names people pin on people and events. Unfortunately, and without any hint of humor, Operation Shady RAT, which may encompass the largest collection of security breaches in the history of cyber crime, has continued for five years and has targeted and infiltrated at least 72 organizations around the world.

Almost as remarkable as the magnitude of Shady RAT is the seeming incompetence not only of the organizations that were breached, but also of the hackers who perpetrated the attacks. After studying the operation, McAfee reported that the attacks were unsophisticated and should have been easily avoided. The hackers also appeared to lack skill, leaving their command and control server open for examination. These seemingly careless hackers left behind logs on that server which provided McAfee and other investigators with a record of which organizations were attacked, when, and for how long they remained compromised.

However unsophisticated the attackers and the breached organizations may have been, Operation Shady RAT collected a remarkably diverse set of information from an equally diverse set of organizations.

Information gathered about each target was used to craft phishing emails. These emails carry seemingly harmless attachments such as Word, Excel, PowerPoint and PDF documents. When opened, an attachment installs a trojan (malicious software) while displaying the expected document, so the victim sees nothing unusual. Each trojan contains hidden or encrypted instructions that allow it to contact the hackers’ command and control server and let the attackers know that it has compromised the targeted organization. As noted above, the means of attack, as well as the collection techniques, were rather common and should never have succeeded.
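The post describes the dropper only in general terms: a document attachment that installs a trojan while displaying a decoy. One cheap check a mail gateway or incident responder can run on such an attachment is to look for a Windows executable embedded inside the document bytes. The script below is an added example written for this post; it is not code from the original article or from McAfee. It assumes the dropper has been embedded as a raw PE image inside the carrier document (the sample "documents" are constructed inline) and it validates the PE signature chain rather than trusting a bare "MZ": the DOS header's e_lfanew field at offset 0x3C must point at a "PE\0\0" signature. The caveat is that a payload stored compressed or encrypted inside the document will not be found this way; this catches the lazy droppers, which, as the post notes, is exactly what Shady RAT used.

```python
"""Heuristic scan of an e-mail attachment for an embedded Windows PE executable.

Added example for this post, not code from the original article or from McAfee.
It does not parse the Office/PDF container; it only looks for the PE signature
chain ('MZ' header -> e_lfanew at +0x3C -> 'PE\\0\\0') anywhere inside the bytes.
"""
import struct

MZ = b"MZ"
PE_SIG = b"PE\x00\x00"


def find_embedded_pe(blob: bytes) -> list:
    """Return byte offsets in blob where a plausible PE image starts.

    Every 'MZ' is a candidate; it is accepted only if the 4-byte little-endian
    e_lfanew field at MZ+0x3C points inside the blob at a 'PE\\0\\0' signature.
    Plain text that happens to contain 'MZ' fails that second check.
    """
    hits = []
    pos = blob.find(MZ)
    while pos != -1:
        if pos + 0x40 <= len(blob):  # need a full 0x40-byte DOS header
            e_lfanew = struct.unpack_from("<I", blob, pos + 0x3C)[0]
            pe_off = pos + e_lfanew
            # 0x40 is the minimum (DOS header only); 0x1000 is a sanity bound
            # against random bytes that point far away from the header.
            if 0x40 <= e_lfanew < 0x1000 and blob[pe_off:pe_off + 4] == PE_SIG:
                hits.append(pos)
        pos = blob.find(MZ, pos + 1)
    return hits


def build_fake_pe(e_lfanew: int = 0x80) -> bytes:
    """Build a minimal PE-shaped stub for the sample (constructed data, not real malware)."""
    hdr = bytearray(MZ)
    hdr += b"\x00" * (0x3C - len(hdr))      # pad DOS header up to e_lfanew
    hdr += struct.pack("<I", e_lfanew)      # e_lfanew -> offset of 'PE\0\0'
    hdr += b"\x00" * (e_lfanew - len(hdr))  # DOS stub area
    hdr += PE_SIG
    hdr += b"\x00" * 0x60                   # stand-in for COFF/optional headers
    return bytes(hdr)


# Constructed samples: a harmless decoy "document" (which even contains the two
# letters MZ in its text) and the same decoy with a PE stub embedded after it,
# the layout a simple dropper uses so the decoy still opens normally.
CLEAN_DOC = b"%PDF-1.4\n%decoy quarterly report MZ mentions the Mozart symphony\n%%EOF\n"
SUSPECT_DOC = CLEAN_DOC + build_fake_pe() + b"\n%%EOF\n"


def scan_attachment(name: str, blob: bytes) -> dict:
    """Summarize the finding for one attachment, for a gateway log or triage note."""
    offsets = find_embedded_pe(blob)
    return {"name": name, "embedded_pe": bool(offsets), "offsets": offsets}


if __name__ == "__main__":
    for name, blob in (("report.pdf", CLEAN_DOC), ("report_with_dropper.pdf", SUSPECT_DOC)):
        print(scan_attachment(name, blob))
```

Run against a real mailbox you would feed the raw attachment bytes to scan_attachment; any hit is worth a second look even when the document itself opens cleanly, because opening cleanly is the whole point of the decoy.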

The McAfee report also includes the following excerpt, which provides additional insight into the depth and breadth of Operation Shady RAT:

What we have witnessed over the past five to six years has been nothing short of a historically unprecedented transfer of wealth — closely guarded national secrets (including from classified government networks), source code, bug databases, email archives, negotiation plans and exploration details for new oil and gas field auctions, document stores, legal contracts, SCADA configurations, design schematics and much more has “fallen off the truck” of numerous, mostly Western companies and disappeared in the ever-growing electronic archives of dogged adversaries.

All indications are that persistent and determined attacks, such as Shady RAT, will become more common as countries and well-funded organizations with malicious intent enter into expanding global cyber spying efforts.

Though still unproven, there are suspicions that Shady RAT was orchestrated by China. There also seems to be little doubt that the United States has been equally active in collecting huge quantities of information from foreign governments and companies.

Operation Shady RAT may be a silly name, but it may also be ushering in a new era of spy games. Imagine the next James Bond movie featuring a 17-year-old geek artfully spying on foreign nations, breaking into government websites and stealing national secrets, all without ever leaving the comfort of his mother’s New Jersey home. I doubt spying will ever be the same.
