China suspected in Operation Shady RAT hacks
Online fingers are pointing to China following the August 2 revelation of an at least 5-year hacking plot that targeted the usual slew of companies and government entities--and also the International Olympic Committee and the World Anti-Doping Agency around the time of the 2008 Olympics.
The plot, exposed by security firm McAfee--which dubs it "Operation Shady RAT"--began at least in 2006. McAfee researchers gained access to a command and control server with penetration logs on it; RAT stands for "remote access tool." The operation's interest in organizations whose information is of likely no commercial benefit, such as Asian and Western national Olympic committees, suggests a state actor, McAfee says in a white paper authored by Dmitri Alperovitch, a McAfee vice president of threat research.
Alperovitch names no country, but cybersecurity commentators have rushed to fill the void. A "computer expert with knowledge of the study, who spoke on the condition of anonymity out of reluctance to blame China publicly, said the intrusions appear to have originated in China," reports the Washington Post.
"All the signs point to China," James Andrew Lewis, director of the Center for Strategic and International Studies' technology and public policy program, told Vanity Fair, which was given an advance copy of the McAfee report. "Who else spies on Taiwan?" Lewis added, referring to Operation Shady RAT's targeting of a Taiwanese electronic company and government agency.
The operation works by sending a phishing email containing an exploit that, when opened on an unpatched system, triggers a download of the implant malware, McAfee says. The malware initiates a backdoor communication channel to the command and control server, where hidden comments are embedded in webpage code. Live intruders then access the infected machine and "quickly escalate privileges and move laterally within the organization to establish new persistent footholds via additional compromised machines running implant malware, as well as targeting for quick exfiltration the key data they came for," the paper says.
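A defender-side tripwire for the command channel just described, written as an added example and not taken from McAfee's report or code: scan the HTML of pages a monitored host fetches and flag comments that hold a single long encoded-looking token instead of readable text. The entropy threshold and the sample page are assumptions constructed for illustration.

```python
import math
import re
from typing import List, Tuple

# Hypothetical detector (added example): HTML comments that carry one long
# base64-alphabet token with high entropy are a poor fit for human-written
# markup and worth surfacing for review.
COMMENT_RE = re.compile(r"<!--(.*?)-->", re.DOTALL)
ENCODED_TOKEN_RE = re.compile(r"^[A-Za-z0-9+/=]{24,}$")


def shannon_entropy(text: str) -> float:
    """Bits per character of the given string (0.0 for empty input)."""
    if not text:
        return 0.0
    counts = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def suspicious_comments(html: str, min_entropy: float = 4.0) -> List[Tuple[str, float]]:
    """Return (token, entropy) for comments that look like encoded payloads.

    A comment qualifies only if, once trimmed, it is a single token of at least
    24 base64-alphabet characters (ordinary comments contain spaces and fail
    this) and its entropy meets the threshold (assumed 4.0 bits/char).
    """
    hits = []
    for body in COMMENT_RE.findall(html):
        token = body.strip()
        if not ENCODED_TOKEN_RE.match(token):
            continue
        ent = shannon_entropy(token)
        if ent >= min_entropy:
            hits.append((token, round(ent, 2)))
    return hits


# Constructed sample page (not a real C2 page): two ordinary comments and one
# carrying a base64-looking blob that a beaconing implant might parse.
SAMPLE_HTML = """<html><body>
<!-- page footer generated by the site cms, version 2 -->
<p>Welcome</p>
<!-- ENDHEADER -->
<!-- aHR0cDovL2V4YW1wbGUudGVzdC9jMi9jbWQ/aWQ9MTIzNDU2Nzg5MA== -->
</body></html>"""

if __name__ == "__main__":
    for token, ent in suspicious_comments(SAMPLE_HTML):
        print(f"suspicious comment (entropy {ent}): {token[:32]}...")
```

Run it against proxy or sandbox captures of the pages an implant fetches; a hit is a triage lead, not proof, since some legitimate pages also embed encoded data in comments.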
Also among the organizations targeted by the operation is the United Nations. Of the 72 organizations that the server logs show were targeted, U.S. companies or governments--from the local and state level through federal--constitute the vast majority, with 49 such organizations having been targeted.
What exactly happens to the data RAT hackers take is unknown, McAfee says, but the operation's emphasis on data is different from "the immediate financial gratification that drives much of cybercrime."
"What we have witnessed over the past five to six years has been nothing short of a historically unprecedented transfer of wealth--closely guarded national secrets (including from classified government networks), source code, bug databases, email archives, negotiation plans and exploration details for new oil and gas field auctions, document stores, legal contracts, SCADA configurations, design schematics and much more has 'fallen off the truck' of numerous, mostly Western companies and disappeared in the ever-growing electronic archives of dogged adversaries," the white paper states.
For more:
- download "Revealed: Operation Shady RAT" (.pdf)