McAfee 
The attacks, which have been underway since mid-2006, have been traced by McAfee back to one specific Command & Control server used by the intruders. Intrusions tend to last from one to 28 months, before they are discovered and fixed or till the attacker moves on after having stolen the valuable intellectual property or data.
McAfee says its analysis points to one state actor who is most likely to benefit from stolen intellectual property and government secrets from the U.S., the U.K., Taiwan, Vietnam, Korea, U.N., IOC and ASEAN organizations. Operation Shady RAT is described in a blog posting by Dmitri Alperovitch, Vice President of Threat Research at McAfee Labs. http://blogs.mcafee.com/mcafee-labs/revealed-operation-shady-rat
