“I am convinced that every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised (or will be shortly), with the great majority of the victims rarely discovering the intrusion or its impact. In fact, I divide the entire set of Fortune Global 2,000 firms into two categories: those that know they’ve been compromised and those that don’t yet know.” – Dmitri Alperovitch, Vice President, Threat Research, McAfee
Operation Shady RAT
The above quote is taken from a McAfee report on Operation Shady RAT, released in 2011. According to McAfee, this report represents “the most comprehensive analysis ever revealed of victim profiles from a five-year targeted operation by one specific actor.” Coined Operation Shady RAT by McAfee, RAT is a common industry term that refers to a remote access tool. The investigation targeted intrusions by one specific actor into more than 70 global companies, governments, and non-profit organizations over a five year period.
The report outlines the scope of the problem as follows: “What we have witnessed over the past five to six years has been nothing short of a historically unprecedented transfer of wealth closely guarded national secrets (including those from classified government networks), source code, bug databases, email archives, negotiation plans and exploration details for new oil and gas field auctions, document stores, legal contracts, supervisory control and data acquisition (SCADA) configurations, design schematics, and much more has “fallen off the truck” of numerous, mostly Western companies and disappeared in the ever-growing electronic archives of dogged adversaries.” The report was released in 2011, nearly 5 years ago now.
The graph below categorizes the results of the investigation.
Read the entire report for yourself, keeping in mind these attacks were all perpetrated by a single actor.