72 large organizations from the around the world including 22 government organizations and 13 defense contractors as well as the United Nations have been comprised over three years according to a McAfee whitepaper investigation.
McAfee say there was a “state actor” as most of the attacks had “no commercial benefit to be earned from such hacks.” Some security analysts say that China was behind the attacks though McAfee has not released any further details of the country of origin. An industry breakdown has been revealed showing the wide-spread scope of the attack.
Dmitri Alperovitch, VP Threat Research at McAfee, said that every company with valuable trade secrets were likely already hacked or about to be hacked and that “the great majority of the victims rarely discovering the intrusion or its impact.”
McAfee started Operation Shady RAT (RAT stands for Remote Access Tool in the security industry) in mid-2006 after they gained access to “one specific Command & Control server used by the intruders.” The intruders used a Trojan virus in an email to gain access to machines and spread the virus throughout the targeted company. Companies in the United States received 49 attacks followed by Canada with 4 as well as South Korea and Taiwan with 3, other countries listed by McAfee having two to one victims.
“An Olympic Committee of a nation in Asia” was compromised for the longest time for 28 months whilst other organizations including an accounting firm, the International Olympic Committee, an US state, two US government contractors and four other companies were involved in what could be a “quick smash and grab operation that did not require a persistent compromise of the victim.”