Operation Shady RAT - China's Latest Hacking Attack on the West

Reply Fri 5 Aug, 2011 12:48 pm
Alperovitch first picked up the trail of Shady RAT in early 2009, when a McAfee client, a U.S. defense contractor, identified suspicious programs running on its network. Forensic investigation revealed that the defense contractor had been hit by a species of malware that had never been seen before: a spear-phishing e-mail containing a link to a Web page that, when clicked, automatically loaded a malicious program—a remote-access tool, or RAT—onto the victim’s computer. The RAT opened the door for a live intruder to get on the network, escalate user privileges, and begin exfiltrating data. After identifying the command-and-control server, located in a Western country, that operated this piece of malware, McAfee blocked its own clients from connecting to that server. Only this March, however, did Alperovitch finally discover the logs stored on the attackers’ servers. This allowed McAfee to identify the victims by name (using their Internet Protocol [I.P.] addresses) and to track the pattern of infections in detail.

More: http://www.vanityfair.com/culture/features/2011/09/operation-shady-rat-201109

Also: http://www.vanityfair.com/culture/features/2011/09/chinese-hacking-201109