Shady RAT: McAfee uncovers unprecedented series of hacks, suspects 'state actor'


The United Nations, numerous governments around the world and dozens of corporations were hacked over a five-year period in what security experts are calling the biggest set of cyber attacks ever. McAfee Labs, which discovered the breaches, said that a "state actor" is likely to blame for the campaign, which it dubbed "Operation Shady RAT."

The hacking campaign, which dates back to the middle of 2006, targeted high-tech companies, defense contractors, the U.S. government and numerous other governments, including those of Canada, India, Taiwan and South Korea, McAfee wrote in a 14-page report. McAfee's researchers came across the attack logs in March when they were investigating the contents of a server as part of a review of breaches at defense contractors.

What surprised experts was less the attackers' technique than their persistence. They broke into systems quietly and stayed for long periods, steadily removing sensitive information. They remained undetected in the U.N. secretariat's network for almost two years, and an attack on the Olympic Committee in one Asian country continued sporadically for 28 months.

Industry (not to mention the public) often doesn't understand the extent of the security threat today in large part because victims tend not to disclose breaches, Dmitri Alperovitch, vice president for threat research at McAfee, wrote in a blog post Tuesday. The goal of releasing the Operation Shady RAT report was to raise awareness, he wrote.

The intrusions themselves were run-of-the-mill for targeted attacks. The hackers sent a spear-phishing email carrying an exploit to a chosen individual; when it was opened, it triggered a malware download, Alperovitch wrote. The malware opened a backdoor that called out to a command-and-control server, and shortly afterward live operators could work interactively on the infected computer.
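The backdoor's callbacks to its command-and-control server are the part of this chain a defender can usually see, because a backdoor polls its server on a fixed schedule while user-driven traffic does not. The following Python script is an added illustration, not code from the McAfee report or from the article: it groups constructed proxy log lines by client and destination, computes the gaps between requests, and flags any pair whose gaps are nearly constant (coefficient of variation at or below 10%, an assumed threshold). The log format, hostnames and addresses are all made up for the example.

```python
"""Flag destinations that a client contacts at near-constant intervals,
the typical signature of a backdoor polling its command-and-control server.
Added example; the log lines below are constructed, not real data."""
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log: ISO timestamp, client IP, destination host.
# "update.vendor-assumed.example" beacons roughly every 300 seconds;
# the other hosts are visited at irregular, user-driven times.
SAMPLE_LOG = """\
2011-03-01T09:00:00 10.1.2.3 mail.example.com
2011-03-01T09:00:05 10.1.2.3 update.vendor-assumed.example
2011-03-01T09:01:00 10.1.2.3 cdn.news.example
2011-03-01T09:05:06 10.1.2.3 update.vendor-assumed.example
2011-03-01T09:10:04 10.1.2.3 update.vendor-assumed.example
2011-03-01T09:15:07 10.1.2.3 update.vendor-assumed.example
2011-03-01T09:20:05 10.1.2.3 update.vendor-assumed.example
2011-03-01T09:03:00 10.1.2.3 cdn.news.example
2011-03-01T09:17:00 10.1.2.3 cdn.news.example
2011-03-01T09:18:30 10.1.2.3 cdn.news.example
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")


def parse_log(text):
    """Yield (timestamp, client, host) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank or malformed line
        ts, client, host = m.groups()
        yield datetime.fromisoformat(ts), client, host


def find_beacons(text, min_hits=4, max_cv=0.1):
    """Return (client, host, hits, mean_gap_seconds, cv) for every client/host
    pair seen at least min_hits times whose inter-request gaps are regular,
    i.e. whose coefficient of variation (stdev / mean) is at most max_cv."""
    by_pair = defaultdict(list)
    for ts, client, host in parse_log(text):
        by_pair[(client, host)].append(ts)

    findings = []
    for (client, host), stamps in by_pair.items():
        if len(stamps) < min_hits:
            continue  # too few samples to judge periodicity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # duplicate timestamps, not a periodic beacon
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            findings.append((client, host, len(stamps), avg, cv))
    return findings


if __name__ == "__main__":
    for client, host, hits, avg, cv in find_beacons(SAMPLE_LOG):
        print(f"{client} -> {host}: {hits} hits, every ~{avg:.0f}s (cv={cv:.3f})")
```

On the constructed log this reports only the 300-second poller. In practice the threshold needs tuning: legitimate software updaters and telemetry also beacon on a timer, so a hit is a lead for an analyst rather than a verdict, and implants that randomize their sleep interval will push the coefficient of variation above a tight cutoff.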

For more:
- see the McAfee Operation Shady RAT report (.pdf)
- see Dmitri Alperovitch's blog post

Related Articles:
IMF hack blamed on state-sponsored phishing
North Korea blamed for March DDoS attacks on South Korean websites
Hackers exact revenge against PBS
Recent high-profile hackings were preventable, says CWE/SANS list of widespread vulnerabilities