Project Enlightenment Attacks Reminiscent of Shady Rat

Wednesday, May 02, 2012



Security provider Cyber Squared has released a detailed report examining a widespread cyber espionage operation that targeted a variety of companies and organizations across multiple sectors.

The report, titled “Project Enlightenment: An Overview of Modern Cyber Espionage in a Global Economy”, was the result of an initial investigation of what was at first considered a solitary security incident.

"What initially appeared to be an isolated cyber-attack possibly associated with the Taiwan Airpower Modernization Act (TAMA) S.1539, unraveled the thread of a pervasive and coordinated military grade cyber espionage campaign. During the course of the investigation, technical intricacies emerged, such as how the attack was carried out and who the likely perpetrator was," a Cyber Squared press release states.

The report characterizes the targets of the operation as including:

  • U.S. Public Policy Think Tanks and Research Organizations
  • North American Technology Companies
  • European Food Safety Organizations
  • North American Immigration Organizations
  • European Environmental Organizations
  • Southern Pacific Agriculture & Fisheries Organizations
  • European Maritime & Shipping Organizations
  • International Steel, Gold and Copper Mining and Raw Materials Organizations
  • International Law Firms & Public Relations Organizations
  • East Asian Economic Policy and Diplomacy

“This case underscores that many business leaders and policy makers are failing to adequately address the reality of cyber espionage,” said Richard Barger, Cyber Squared’s CIO.

The disparate array of targets underscores the pervasive nature of inadequacies where the defense of sensitive information systems is concerned.

“This story is unique, because of the diversity of the victim types all being compromised by the same adversary. When considering the significance of the observed victims and their role within their respective industries, the compromises are especially worrisome,” said Adam Vincent, Cyber Squared’s CEO.

While Vincent describes the operation as being unique in nature, its breadth and lack of complexity are very reminiscent of the operations detailed in McAfee's "Operation Shady RAT" report released in August of 2011.

Shady Rat perpetrators were found to have targeted at least 72 organizations and businesses including the United Nations, several defense contractors, and the International Olympic Committee.

Cyber Squared’s Barger confirmed that the attacks outlined in Project Enlightenment were common in nature, and lacked the sophistication of what would be considered an Advanced Persistent Threat.

“From a technical perspective, Project Enlightenment is another example of increasingly common cyber espionage activities. While the attack method was simple, it successfully compromised dozens of organizations and bypassed their existing security and detection measures. This project illustrates why better protection via real-time Security Intelligence is essential to protecting sensitive corporate information,” Barger explained.

McAfee came under fire from a range of security experts for the Shady Rat report, most notably from Eugene Kaspersky, who openly criticized the merits of the report, questioning whether McAfee's effort was merely an exercise in FUD (fear, uncertainty, and doubt).

Only time will tell how Cyber Squared’s report is received by the security community.


The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.