Operation Shady Rat

The impact of Operation Shady Rat, dating from 2006, was felt throughout the world: it reached over 14 countries, and 70 victims including government organisations, companies and non-profits were targeted.

Organisations such as the UN and the Olympic committee were among the targets. Individual victims may have noticed their own breaches, but what made the 2011 discovery so notable was the command and control communication that tied all of them back to one central actor.

The victims themselves may have discovered the infection, or inadvertently removed it by reformatting their devices, but it was the discovery that all of these attacks came from the same origin that highlighted the true impact of the event. Given the scale and complexity of the attack, it was suggested that it originated from a state sponsored actor; some of the victims were also not targeted for economic reasons, so the motive was not financial gain but the prospect that the data could be used by a government.

The initial breach used spear phishing to contact specific people at these organisations. When victims visited malicious links or opened attachments, the attackers were able to infiltrate the network and create backdoors.

A Remote Access Tool (RAT) was then used to communicate with the victims' computers. This gave the attackers control of those machines, so they could exfiltrate data or carry out other tasks.

The goal of the malware was to keep its presence hidden, and in some cases it succeeded for at least five years. This was possible through the use of steganographic images embedded with instructions, which the malware used to communicate with the attackers' servers.
The irony is that some of the images referenced a well-known steganography test image: the cropped photograph of model Lena Söderberg.
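A defender-side check for the image-based command channel described above, added here as an example (it is not code from the original post, and it does not reproduce how Shady RAT encoded its instructions, which the post does not detail): it walks a PNG file's chunk structure and reports data appended after the IEND chunk and chunks whose CRC does not match, two cheap indicators that an image fetched from the web is carrying more than pixels. The sample images are constructed inline.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def inspect_png(data: bytes) -> dict:
    """Walk the PNG chunk list and report trailing bytes after IEND
    and chunks whose CRC does not verify. 'valid' is False for
    non-PNG or truncated input."""
    result = {"valid": False, "trailing_bytes": 0, "bad_crc": []}
    if not data.startswith(PNG_SIG):
        return result
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length            # header + body + CRC
        if end > len(data):                # truncated chunk
            return result
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[end - 4:end])
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != crc:
            result["bad_crc"].append(ctype.decode("ascii", "replace"))
        pos = end
        if ctype == b"IEND":
            result["valid"] = True
            result["trailing_bytes"] = len(data) - pos   # anything after IEND
            return result
    return result


def _chunk(ctype: bytes, payload: bytes) -> bytes:
    """Build a well-formed PNG chunk (used only to construct samples)."""
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


# Constructed sample: a valid 1x1 greyscale PNG.
CLEAN_PNG = (PNG_SIG
             + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
             + _chunk(b"IDAT", zlib.compress(b"\x00\x00"))
             + _chunk(b"IEND", b""))
# Constructed sample: the same image with a dummy payload appended after IEND.
SUSPECT_PNG = CLEAN_PNG + b"PLACEHOLDER-PAYLOAD-" * 4
# Constructed sample: a text chunk whose CRC was not recomputed after editing.
BAD_CRC_PNG = (PNG_SIG
               + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
               + struct.pack(">I", 4) + b"tEXt" + b"abcd" + b"\x00\x00\x00\x00"
               + _chunk(b"IEND", b""))
```

This catches appended data and tampered chunks only; instructions hidden in the pixel values themselves (LSB steganography) pass this check and need statistical analysis of the decoded image.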
