A global hacking campaign called Operation Sharpshooter targets nuclear, defence, energy and financial companies, according to a new report from McAfee.

The campaign has already infiltrated dozens of companies, mainly in the United States and other English-speaking countries. The hackers plant rogue software that collects information from the companies' systems. The attack relies on a phishing campaign in which the hackers pretended to be a recruiting company and sent legitimate-looking e-mails to specific targets.

If a target clicked on the rogue attachment, a fake Microsoft Word document, a second program called Rising Sun began to install. This program is described as an implant that uses source code from the Trojan Duuzer, developed by the Lazarus Group in 2015, in a new framework to enter the intended network. According to McAfee, the Lazarus Group is not behind the attacks.

No Lazarus Group

“The many technical links from Operation Sharpshooter to the Lazarus Group seem to be too clear to draw the immediate conclusion that they are responsible for the attacks, and instead point to fake signals,” said the researchers. “Our research focuses on how these hackers work, the global impact and how to detect the attack.”

Since the campaign is mainly about gathering information, it is likely that this is a government-sponsored hacker group. “We know this campaign’s purpose is to spy,” says Raj Samani, chief scientist at McAfee. “What the ultimate goal is is to wait and see.”

Samani adds that in many cases this type of attack is a prelude to something else. “However, we are hopeful that identifying and sharing the details will prevent the implementation of the real purpose of the campaign.”

This news article was automatically translated from Dutch to give Techzine.eu a head start.