Cybersecurity firm McAfee revealed details of a vast operation of malware, phishing, and snooping that stretches back to at least 2006 and comes from one specific country -- although McAfee stops short of pointing fingers.

Dmitri Alperovitch, McAfee’s Vice President of Threat Research, posted “Revealed: Operation Shady RAT” on the official McAfee blog late Tuesday night. The detailed report shows that 72 compromised organizations in 14 countries were targeted over the past five years -- and also notes that a number of other victims were hit but could not be identified, and that the campaign could easily have been running before 2006 as well.

RAT stands for “Remote Access Tool”; Alperovitch describes the typical method as a spear-phishing email that opens the door to stealing state and corporate secrets, “standard procedure for these types of targeted intrusions.”

“A spear-phishing email containing an exploit is sent to an individual with the right level of access at the company, and the exploit when opened on an unpatched system will trigger a download of the implant malware. That malware will execute and initiate a backdoor communication channel to the Command & Control web server and interpret the instructions encoded in the hidden comments embedded in the webpage code. This will be quickly followed by live intruders jumping on to the infected machine and proceeding to quickly escalate privileges and move laterally within the organization to establish new persistent footholds via additional compromised machines running implant malware, as well as targeting for quick exfiltration the key data they came for.”
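The command-and-control pattern in that description, an implant fetching an ordinary-looking web page and reading its tasking out of hidden HTML comments, is something a defender can hunt for in proxy captures or archived pages. The following is an added Python example, not code from McAfee’s report: it pulls every HTML comment out of a page and flags those carrying base64 runs that decode either to readable text (plaintext tasking) or to high-entropy bytes (encrypted or compressed tasking). The sample page is constructed for this example, and the base64-in-comment encoding, the entropy threshold and the 64-byte minimum are illustrative assumptions; the report does not describe Shady RAT’s actual encoding.

```python
import base64
import binascii
import hashlib
import math
import re
from dataclasses import dataclass
from typing import List, Optional

# Deterministic stand-in for an encrypted tasking blob: 128 pseudo-random
# bytes derived from SHA-256 so the example reproduces offline. Assumption
# for illustration only.
ENCRYPTED_BLOB = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(4))

# Constructed sample page (not a real C2 page): two benign comments, one
# comment with a base64 run that decodes to "http://example.net/upload;sleep 30",
# and one comment carrying the high-entropy blob above.
SAMPLE_HTML = f"""<html><head><title>Welcome</title></head>
<body>
<!-- nav generated 2011-08-02 -->
<h1>Hello</h1>
<!-- c2: aHR0cDovL2V4YW1wbGUubmV0L3VwbG9hZDtzbGVlcCAzMA== -->
<p>Lorem ipsum dolor sit amet.</p>
<!-- {base64.b64encode(ENCRYPTED_BLOB).decode()} -->
<!-- TODO: fix footer -->
</body></html>"""

COMMENT_RE = re.compile(r"<!--(.*?)-->", re.DOTALL)
# Runs of base64 alphabet of at least 16 characters, with optional padding.
B64_TOKEN_RE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


@dataclass
class Finding:
    comment: str    # full comment text, whitespace-stripped
    token: str      # the base64-looking run inside it
    decoded: bytes  # what that run decodes to
    reason: str     # why it was flagged


def extract_comments(html: str) -> List[str]:
    """Return the text of every <!-- ... --> comment in the page, in order."""
    return [m.group(1).strip() for m in COMMENT_RE.finditer(html)]


def decode_b64(token: str) -> Optional[bytes]:
    """Strict base64 decode; None if the run is not valid base64."""
    try:
        return base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII or tab/newline."""
    if not data:
        return 0.0
    return sum(32 <= b < 127 or b in (9, 10, 13) for b in data) / len(data)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 0 for repetitive data, approaching 8 for random bytes."""
    if not data:
        return 0.0
    n = len(data)
    counts = {}
    for b in data:
        counts[b] = counts.get(b, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def find_suspicious_comments(html: str) -> List[Finding]:
    """Flag comments whose base64 runs decode to readable text or to
    high-entropy bytes; benign comments produce no finding."""
    findings: List[Finding] = []
    for comment in extract_comments(html):
        for token in B64_TOKEN_RE.findall(comment):
            raw = decode_b64(token)
            if raw is None:
                continue
            if printable_ratio(raw) >= 0.9:
                findings.append(Finding(comment, token, raw, "decodes to printable text"))
            elif len(raw) >= 64 and shannon_entropy(raw) >= 5.0:
                findings.append(Finding(comment, token, raw, "decodes to high-entropy bytes"))
    return findings


if __name__ == "__main__":
    for f in find_suspicious_comments(SAMPLE_HTML):
        print(f"[{f.reason}] {f.comment[:40]!r} -> {f.decoded[:48]!r}")
```

Short comments such as build stamps and TODO notes never reach the decode step because they contain no 16-character base64 run, which keeps the noise down on normal pages; the entropy branch requires at least 64 decoded bytes because shorter blobs cannot reach a meaningful entropy reading.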

Targets include governments (the United States, Canada, South Korea, Vietnam, Taiwan, India, and the United Nations) as well as government contractors and other private companies, but also non-governmental organizations, a fact which Alperovitch finds significant.

“The interest in the information held at the Asian and Western national Olympic Committees, as well as the International Olympic Committee (IOC) and the World Anti-Doping Agency in the lead-up and immediate follow-up to the 2008 Olympics was particularly intriguing and potentially pointed a finger at a state actor behind the intrusions, because there is likely no commercial benefit to be earned from such hacks. The presence of political non-profits, such as a private western organization focused on promotion of democracy around the globe or a U.S. national security think tank, is also quite illuminating. Hacking the United Nations or the ASEAN (Association of Southeast Asian Nations) Secretariat is also not likely a motivation of a group interested only in economic gains.”

Some are less reluctant than McAfee to name names; Fox News, well-known as a safe harbor for conservative views, is among the media outlets that have already put China’s name directly in their headlines. Interestingly, when the New York Times talked to Mark Adams, a spokesman for the International Olympic Committee, Adams implied that someone might not be telling the truth. “We are unaware of the alleged attempt to compromise our information security claimed by McAfee. If true, such allegations would of course be disturbing,” Adams said. “The I.O.C. is transparent in its operations and has no secrets that would compromise either our operations or our reputation.”


James Lee Phillips is a Senior Writer & Research Analyst for With offices in Dallas, Las Vegas, and New York, & London, IBG is quickly becoming the leading expert in Internet Marketing, Local Search, SEO, Website Development and Reputation Management. More information can be found at Green Monster USA LLC offers renewable energy solutions from solar to the latest green technologies. Experience Green Monster today.