Taking Shady RAT to the Next Level
Alperovitch points out that their data goes back to mid-2006:
We have collected logs that reveal the full extent of the victim population since mid-2006 when the log collection began. Note that the actual intrusion activity may have begun well before that time but that is the earliest evidence we have for the start of the compromises.
This was around the time that Julian Assange was building up the content that, he recounted in emails at the time, that his hard drives were filling up with eavesdropped documents:
We have received over 1 million documents from 13 countries, despite not having publicly launched yet! (Wikileaks Leak, Jan, 2007)
Although Assange has since denied the material came from eavesdropping, it seems clear that it was, until McAfee’s report, the earliest example of a significant trove of documents and emails stolen by China-based hackers. This may have been the same channel stumbled upon a year later by Egerstad (Dan Egerstad’s Tor exit nodes get him arrested and proves a point I made in July | ZDNet).
There were, however, reports in mid 2006 of largescale theft of documents: State Dept (May), and NIPRNet (June), US War College (Sept) and German organisations (October).
I would like to see more data from McAfee and, in the interests of transparency, at least the metadata from the still unrevealed WikiLeaks stash in order to do some note comparing and triangulation. I’d also like to see this material compared with the groundbreaking work by three young Taiwanese white hats, who have sifted through malware samples to try to group together some of these APTs: APT Secrets in Asia – InSun的日志 – 网易博客.
The work has just begun.
- Click to share on Twitter (Opens in new window)
- Click to share on Facebook (Opens in new window)
- Click to share on Google+ (Opens in new window)
- Click to share on Pocket (Opens in new window)
- Click to share on Pinterest (Opens in new window)
- Click to share on Telegram (Opens in new window)
- Click to share on Tumblr (Opens in new window)
- Click to share on Reddit (Opens in new window)
- Click to print (Opens in new window)
- Click to email this to a friend (Opens in new window)
- Click to share on WhatsApp (Opens in new window)
- Share on Skype (Opens in new window)
04. August 2011 by jeremy
Categories: datawars, Design | Tags: Asia, China, Dan Egerstad, Dmitri Alperovitch, Espionage, Internet censorship, Julian Assange, Malware, McAfee, National security, Operating Thetan, Security, US War College, Whistleblowing, Wikileaks | Comments Off on Taking Shady RAT to the Next Level