Computers in more than a 100 countries have been infected by malware used for industrial spying. A 10-month investigation has found that 1,295 computers in 103 countries and belonging to international institutions have been spied on.
The report does not conclusivlely identify a source for the attacks, although there is some strong circumstantial evidence suggesting China may be to blame. However, a second report on cyberespionage does link malware to Chinese sites.
The cyberespionage report provides some of the most compelling evidence and detail of the efforts of politically-motivated hackers while raising questions about their ties with government-sanctioned cyberspying operations.
It describes a network which researchers have called GhostNet, which primarily uses a malicious software program called gh0st RAT (Remote Access Tool) to steal sensitive documents, control web cams and completely control infected computers.
"GhostNet represents a network of compromised computers resident in high-value political, economic and media locations spread across numerous countries worldwide," said the report, written by analysts with the Information Warfare Monitor, a research project of the SecDev Group, a think tank, and the Munk Center for International Studies at the University of Toronto. "At the time of writing, these organisations are almost certainly oblivious to the compromised situation in which they find themselves."
The analysts did say, however, they had no confirmation if the information obtained had ended up being valuable to the hackers or whether it had been commercially sold or passed on as intelligence.