Revealed: Operation ShadyRAT

On August 2nd, the computer security firm McAfee released a report detailing its recent discovery and investigation of a long-term hacking operation dubbed “ShadyRAT.” ShadyRAT, which extends as far back as 2006 and appears to have state backing, clearly stands apart from other recent high-profile attacks carried out by ambiguous hacktivist groups such as Anonymous and LulzSec, which seem to have been carried out more to make a politically charged statement or to gain notoriety.

Dmitri Alperovitch, McAfee’s Vice President of Threat Research and author of the report, submits that ShadyRAT, which targeted at least 71 public and private organizations across 14 different regions, is nothing short of “historically unprecedented” and poses a significant threat to both economic and national security across the globe.

Key Conclusions

The possibility that such an audacious attack was carried out by or with the implicit support of a state actor raises implications about the relationship between nations and hackers. Cyber attacks rarely offer a clear distinction between states acting criminally and criminals acting on behalf of the state, and thus pose substantial challenges for how to appropriately confront these threats. Regardless, the ShadyRAT operation has highlighted calls for the international community to actively take steps in developing norms for appropriate behavior among nations when it comes to cyber security.


The attacks impacted organizations from North America, Europe, and Asia. While the report refrains from specifically identifying all 71 victims, it does divide them into 32 different organizational categories in order to display the unique breadth and diversity of the attacks. Identified categories include:

– 21 federal and international governments, including the United Nations
– 6 industrial companies, including ones in the steel and solar power industries
– 13 information technology firms
– 13 defense contractors, including a computer security firm
– 6 financial institutions
– 12 public non-profit organizations such as the International Olympic Committee and various think tanks

The report stops short of identifying a culprit but concludes there is enough evidence to support the likelihood that a state actor was behind the attacks. While defense and government secrets are enticing to foreign governments and information profiteers alike, attacks on the International Olympic Committee and the World Anti-Doping Agency have little commercial benefit (adding to the intrigue is the fact that the attacks took place just before the 2008 Olympics). In McAfee’s report, Mr. Alperovitch observes “hacking the United Nations or the Association of Southeast Asian Nations (ASEAN) Secretariat is highly unusual for a group interested only in economic gains.”

The report also highlights the potentially devastating economic implications of ShadyRAT’s activities. Stealing design schematics for new technologies, legal contracts, and exploration details for oil and natural gas poses serious potential for long-term economic damage to both companies and states who, according to the report, “face the prospect of decreased economic growth in a suddenly more competitive landscape and the loss of jobs in industries that lose out to unscrupulous competitors in another part of the world.”