'Operation Shady RAT' Attackers Employed Steganography

[InfoSec News <alerts () infosecnews org>]

http://www.darkreading.com/security/attacks-breaches/231400084/operation-shady-rat-attackers-employed-steganography.html

By Kelly Jackson Higgins
Dark Reading
Aug 11, 2011

The attackers behind the "Operation Shady RAT" targeted cyberespionage 
hacks hid some of their activities behind digital images.

They used steganography, a relatively rarely deployed technique for 
hiding malicious code or data behind image files or other 
innocuous-looking files. In its analysis of Operation Shady RAT, 
Symantec found rigged images -- everything from images of a pastoral 
waterside scene to a suggestive photo of a woman in a hat -- that were 
masking commands ordering the infected machines to phone home to the 
command-and-control (C&C) server.

The commands are invisible to the human eye because the bits in the 
image are actually made up of those commands. They're "mathematically 
built into the data representing the image," according to Symantec 
researchers in a recent blog post that includes examples of the images 
its researchers found.

Operation Shady RAT is a massive advanced persistent threat (APT)-type 
attack campaign that has been ongoing worldwide for five years and has 
stolen intellectual property from 70 government agencies, international 
corporations, nonprofits, and others in 14 countries. It was revealed 
last week by McAfee, which conducted an in-depth study of one of the C&C 
servers used in the attack.

[...]


___________________________________________________________
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery
Network, Cisco Switches, SAS 70 Type II Datacenter.
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/