Was your company one of the targets of Operation Shady RAT?
“I divide the entire set of Fortune Global 2000 firms into two categories: those that know they’ve been compromised and those that don’t yet know,” said McAfee’s Dmitri Alperovitch when the report about the state-sponsored global cyberattack Operation Shady RAT was made public.
The report named but a few of the 72 organizations targeted by the attackers. McAfee has said it has notified them of the intrusions, but has also said that the logs it analyzed date back only to 2006 – allowing the possibility that there were previous compromises, the evidence of which was not available for them to analyze.
Information about intrusions into the networks of many more parties has also been found in the logs, but in insufficient quantity to accurately identify the targets.
So, if you were wondering whether, by any chance, your company might have been one of the targets, security vendor Seculert has provided a simple, Web-based tool through which you can check if your computer has been in contact with the Shady RAT command-and-control server.
Of course, you can check only one IP at a time, and a negative result means only that this particular computer hasn’t communicated with the C&C server. If the result is positive, the tool will tell you how many times the computer communicated with the C&C server and when it did so for the first time.
How is that possible, you might ask? Well, according to Computerworld, the server in question is still online and the logs are accessible. Seculert’s CTO Aviv Raff says that it is located in the US, so it is impossible to tell how long it will stay online, given that the authorities have certainly been notified of that fact.