Cybersecurity firm McAfee says it infiltrated a 'command and control' server with detailed logs of five years of cyberattacks against targets ranging from the US government to the World Anti-Doping Agency. McAfee suggests a country was behind it. Experts suspect China.
Cyberspies believed to be working for a national government for the past five years have stolen vast amounts of classified, sensitive, or proprietary information from at least 72 companies and government and nonprofit groups in 14 countries, with the bulk of the victims in the United States, a major cybersecurity firm is reporting.
“What we have witnessed over the past five to six years has been nothing short of a historically unprecedented transfer of wealth,” the report’s co-author, Dmitri Alperovitch, a vice president of Santa Clara, Calif.-based McAfee, wrote on his blog.
Targets of the information theft included the US federal and state governments, county governments, and Canadian, South Korean, Vietnamese, Taiwanese, and Indian governments. Among other targets: defense contractors, the United Nations, prodemocracy groups, and individual companies in the steel, energy, solar power, electronics, and computer security industries.
What distinguishes this new report from others in the recent past is its level of detail, some cybersecurity experts said. In part that could be because the perpetrators created detailed logs of their exploits on a “command and control” server that McAfee was able to infiltrate.
“Closely guarded national secrets (including from classified government networks), source code, bug databases, email archives, negotiation plans and exploration details for new oil and gas field auctions, document stores, legal contracts,... and much more has ‘fallen off the truck’ of numerous, mostly Western companies and disappeared in the ever-growing electronic archives of dogged adversaries,” Mr. Alperovitch wrote.
Page 1 of 5