Shady Rat Attacks Hit 70 Organizations, 14 Countries
Operation Shady Rat, a massive cyber-espionage campaign, has been under way for five years against national governments, global companies, nonprofits, and others, says McAfee.
(click image for larger view)
Slideshow: 10 Massive Security Breaches
A massive advanced persistent threat (APT)-type attack campaign has been ongoing worldwide for five years that has stolen intellectual property from 70 government agencies, international corporations, nonprofits, and others in 14 countries, according to a new published report in Vanity Fair.
The so-called "Operation Shady Rat," which is detailed in a new report by McAfee, has mostly hit U.S.-based organizations and government agencies (49 of the 70 victims), but government agencies in Taiwan, South Korea, Vietnam, and Canada are among its victims, as are organizations in Japan, Switzerland, the United Kingdom, Indonesia, Denmark, Singapore, Hong Kong, Germany, and India, according to the Vanity Fair article.
Some 14 U.S. Defense contractors are among the targets, as is the International Olympic Committee, the United Nations, the World Anti-Doping Agency, and the Association of Southeast Asian Nations.
According to the report, the attackers have lifted sensitive government information, email, legal contracts, and design documents.
Dmitri Alperovitch, vice president of threat research at cybersecurity firm McAfee, reportedly first caught wind of the attacks in 2009 during a forensics investigation of a U.S. defense contractor client.
Security concerns give many companies pause as they consider migrating portions of their IT operations to cloud-based services. But you can stay safe in the cloud. In this Dark Reading Tech Center report, we explain the risks and guide you in setting appropriate cloud security policies, processes and controls. Read our report now. (Free registration required.)
Published: 2015-08-31 Multiple cross-site scripting (XSS) vulnerabilities in Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allow remote authenticated users to inject arbitrary web script or HTML via the (1) agent string for a check_mk agent, a (2) crafted request to a monitored host, which is not properly handled by ...
Published: 2015-08-31 Multiple cross-site request forgery (CSRF) vulnerabilities in the Multisite GUI in Check_MK before 1.2.5i2 allow remote attackers to hijack the authentication of users for requests that (1) upload arbitrary snapshots, (2) delete arbitrary files, or possibly have other unspecified impact via unknown ...
Published: 2015-08-31 Check_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5 allows remote authenticated users to execute arbitrary Python code via a crafted rules.mk file in a snapshot. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330.
Published: 2015-08-31 Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allows remote authenticated users to delete arbitrary files via a request to an unspecified link, related to "Insecure Direct Object References." NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330.
Published: 2015-08-31 Cross-site scripting (XSS) vulnerability in www/make_subset.php in PHP Font Lib before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter.