Nuclear, Defense, Energy Companies Target of Latest Global Hack… “potential for false flags”

Wednesday, December 12, 2018
By Paul Martin

SputnikNews.com
12.12.2018

In a new global campaign dubbed “Operation Sharpshooter,” an unknown hacking group is infiltrating dozens of companies around the world with malicious software, cybersecurity firm McAfee reported Wednesday.

According to a December 12 blog post by McAfee, the global hack had nuclear, defense, energy and financial companies in the crosshairs. Between October and November, the hacking group targeted people at 87 companies through social media by sending them what appeared to be “recruitment” messages to lure them into clicking on malicious documents.

“This campaign, Operation Sharpshooter, leverages an in-memory implant to download and retrieve a second-stage implant — which we call Rising Sun — for further exploitation. According to our analysis, the Rising Sun implant uses source code from the Lazarus Group’s 2015 backdoor Trojan Duuzer in a new framework to infiltrate these key industries,” the McAfee blog post states, referencing Lazarus Group, a cybercrime group that may be linked to North Korea.

Once the Rising Sun program was installed on a computer, hackers were able to obtain access to usernames, IP addresses, network configuration and system settings data.

“This actor has used recruiting as a lure to collect information about targeted individuals of interest or organizations that manage data related to the industries of interest,” McAfee reported, adding that the malware contains a “weaponized macro to download the next stage, which runs in memory and gathers intelligence.” The victim’s data is then transferred to a control server.

“Operation Sharpshooter’s numerous technical links to the Lazarus Group seem too obvious to immediately draw the conclusion that they are responsible for the attacks, and instead indicate a potential for false flags,” the blog post adds.
