Security giant McAfee has released a report revealing that a single entity has compromised over 76 organizations during the past five years with the intention of stealing intellectual property.
McAfee began investigating Operation Shady RAT, its name for the massive cyber espionage effort, back in 2006. Since then the firm has identified 76 targeted organizations, 49 of which are from the US, but many others remain unknown.
McAfee's vice-president of threat research, Dmitri Alperovitch, who was directly involved in the investigation, believes that every company, regardless of industry, with valuable intellectual property, has been compromised or will be in the future.
"In fact, I divide the entire set of Fortune Global 2000 firms into two categories: those that know they’ve been compromised and those that don’t yet know," the security researcher writes in the report [pdf], adding that "the adversary is motivated by a massive hunger for secrets and intellectual property."
As far as Operation Shady RAT is concerned, McAfee believes that a single nation-state actor is behind it, but didn't give any names. This didn't, however, stop others from pointing the finger at China.
One has to admit that it does look a little bit suspicious that none of the 76 companies targeted in this operation, which McAfee estimates led to the exfiltration of multiple petabytes of data, was from China, especially since the country repeatedly claimed that it's a victim of cyber attacks just like everyone else.
The shortest time a targeted organization remained compromised by the actor behind Shady RAT was one month; the longest was 28 months, in the case of the Olympic Committee of an Asian country.
Other noteworthy long-term compromises include those of a South Korean government agency (27 months), a U.S. federal government agency (25 months), a U.S. satellite communications company (25 months), a Southern California county government (24 months) and the Hong Kong office of a U.S. news organization (21 months).
While the extent of Operation Shady RAT alone might be jaw-dropping to some, Alperovitch claims the problem is more widespread. "We know of many other successful targeted intrusions (not counting cybercrime-related ones) that we are called in to investigate almost weekly, which impact other companies and industries. This is a problem of massive scale that affects nearly every industry and sector of the economies of numerous countries," the researcher concludes.