A McAfee researcher who uncovered the effort said that a well-known cyber-espionage campaign stole government secrets, sensitive corporate papers, and other intellectual property for five years from over 70 public and private organizations in 14 countries. The campaign, called “Operation Shady RAT” (RAT stands for “remote access tool”), was discovered by Dmitri Alperovitch, vice president of threat research at the cyber-security firm McAfee.
According to McAfee, while most of the targets have removed the malware, the operation continues. McAfee gained access to a crucial command-and-control server used by the attackers and has been monitoring the logs since 2006. According to Vanity Fair, Alperovitch has briefed senior White House officials, government agencies, and congressional staff and is working with U.S. law enforcement to shut down the operation’s command-and-control server.
Typically, a target would be compromised when an employee with the necessary access to information received a targeted spear-phishing email containing an exploit that, when opened on an unpatched system, would trigger a download of the implant malware. The malware would then execute and start a backdoor communication channel.