McAfee Publishes Shady RAT Analysis
Dmitri Alperovitch, Vice President of McAfee's Threat Research division, released a whitepaper detailing the activity of an intrusion set known as Shady RAT (pdf), spanning half a decade across the globe. McAfee researchers obtained five years of implant activity logs from a C2 server, which let them analyze actions against 70+ global targets. The paper did not point the finger at China, but the origin was implied between the lines. Although the targets included government and defense contractors, the Shady RAT activity spanned such a broad range of industries that it revealed the foreign actor's intent to collect literally everything. Dmitri highlighted that the targets even included anti-doping agencies and the Olympic Committee, coincidentally during the last Summer Olympics, further evidence that the same intrusion tools were used against all susceptible targets.
"Although Shady RAT’s scope and duration may shock those who have not been as intimately involved in the investigations into these targeted espionage operations as we have been, I would like to caution you that what I have described here has been one specific operation conducted by a single actor/group."