Operation Shady Rat Brings Attention to Advanced Persistent Threats

Sue Marquette Poremba

By now, you have probably heard the big news from the Black Hat conference: McAfee's revelation of a massive and ongoing cyber attack called "Operation Shady RAT."

The length and nature of this attack obviously have a lot of people worried and debating what steps could have prevented the attack or alerted people to it earlier. Addressing that thought, Bill Roth, CMO of LogLogic, said in an email statement:

The Shady RAT incident shows just how sophisticated the bad guys are becoming. We, in the security community, need to constantly test our assumptions about the nature of our systems and networks. Shady RAT shows that Advanced Persistent Threats are not just a clear and present danger, but that they take advantage of the notion of the duration of a normal attack. Attacks are now perpetrated by people with large amounts of resources and time, indicating the need for systems that can retain and manage data for a long period of time.

Apparently, a number of people are pointing the finger at China (McAfee isn't saying), and at least one person has raised the idea that we should have been watching China a lot more closely. In a June 4 blog post, Harry Sverdlove of Bit9 wrote:

The FBI is being tasked to investigate Google's recent claim that attacks on the Gmail accounts of senior government officials, and hundreds of others, originated from Jinan, China. This is the same location identified in the highly publicized and sophisticated Aurora attacks that hit Google, Adobe, Intel and others in late 2009. Jinan is the home of the Lanxiang vocational school, which reportedly has military links ... Both civilian and public institutions are under constant cyber attack from China, and the organizations being attacked are more often than not able to trace the sources. But officially, few are willing to go on record with this information. It is ironic that China is trying to hide and censor the result of Google searches while Google is trying to reveal the source of breaches.

I'm not necessarily surprised that this has been going on, and going on for so long. In my personal life and in casual conversations, I talk to people who work for the government or as government contractors, and too many of them shrug off the importance of security (not just network security, either). I also think Sverdlove is spot on in his concerns about China, based on those same informal conversations.

However, I find it interesting that when I talked to the people involved in the Ponemon Institute study on the cost of cyber crime, the influence of advanced persistent threats was pointed out repeatedly. I think this is something we're going to be talking about a lot in the coming weeks and months.
