A young man in a cyber cafe in Wuhan, China, sits at work at a computer. The Chinese regime, while not fingered in this case, has been implicated in previous cyber espionage campaigns of similar scope. (Cancun Chu/Getty Images)
A large-scale concerted cyber-espionage operation snatched confidential government and institutional data as well as trade secrets and intellectual property from dozens of governments, international organizations, and business entities worldwide over a period of several years, an investigation by security firm McAfee reveals.
The attacks, conducted by a large unnamed "state actor," stole heaps of information over the past five to six years in what amounts to a "historically unprecedented transfer of wealth" of petabytes (millions of gigabytes) of data, according to a report released Tuesday by McAfee and written by its Vice President of Threat Research, Dmitri Alperovitch.
While McAfee didn’t explicitly name the "state actor," experts point to China as the source of attacks.
A McAfee report released in February revealed cyberattacks on several global energy companies and explicitly named China as the source of hacking. Those cyberattacks were named “Night Dragon.”
"Everything points to China," Jim Lewis, a cybersecurity analyst with the Center for Strategic and International Studies, told the news agency Reuters, adding that many targets, such as the IOC and Taiwanese entities, were of strategic interest to Beijing.
In the past few years, search giant Google has disclosed phishing and other cyber attacks on its infrastructure, on the Gmail accounts of Chinese human rights activists, and on high-ranking U.S. government and military personnel. Google has publicly accused China of those attacks.
These new attacks, in contrast, appear to have been deliberately planned and targeted at military, political and economic branches of various countries.
"This is a whole different level to the Night Dragon attacks that occurred earlier this year. Those were attacks on a specific sector. This one is very, very broad," BBC News quoted Raj Samani, McAfee’s chief European technology officer, as saying.
In an operation dubbed "Operation Shady RAT," the hackers, who were "motivated by a massive hunger for secrets and intellectual property," penetrated the networks of 72 institutions, including the United Nations; the International Olympic Committee; U.S. government agencies; the governments of Canada, South Korea, Taiwan, Japan, and Britain; and various defense contractors and technology firms.
Some organizations that had their security penetrated were compromised for less than a month. Five targets saw intrusions on their networks stretch for two years or longer: a South Korean government agency, a county government in Southern California, an Olympic Committee of an unnamed Asian country, an unnamed U.S. state government, and an American satellite communications company.
According to the McAfee paper, intruders reportedly sent targeted "spear-phishing" e-mails carrying malware to individuals who had high-level access at the targets. Opening such an e-mail would trigger an exploit that would open a backdoor communication channel with the hackers’ servers.
"This will be quickly followed by live intruders jumping on to the infected machine and proceeding to quickly escalate privileges and move laterally within the organization to establish new persistent footholds via additional compromised machines running implant malware, as well as targeting for quick exfiltration the key data they came for," the report said.
The massive amount of data pilfered by the cyber-hackers represents grave security and economic threats to whole countries and industries, the report notes. "If even a fraction of [the stolen data] is used to build better competing products or beat a competitor at a key negotiation (due to having stolen the other team’s playbook), the loss represents a massive economic threat not just to individual companies and industries but to entire countries that face the prospect of decreased economic growth in a suddenly more competitive landscape and the loss of jobs in industries that lose out to unscrupulous competitors in another part of the world, not to mention the national security impact of the loss of sensitive intelligence or defense information," the paper warns.
Correction: The original headline identified these cyber attacks as originating from China. While that is not confirmed, experts believe it is likely.









