McAfee cyber security experts discover Operation Sharpshooter. It exploits the Rising Sun malware for cyber espionage against nuclear, defense, energy, and financial companies
Malicious hackers have launched a new global campaign targeting nuclear, defense, energy, and financial companies. It has been discovered by McAfee cyber security experts. This campaign has been dubbed "Operation Sharpshooter". It leverages an in-memory implant to download and retrieve a second-stage malware, called Rising Sun, for further exploitation. According to the company's blog, it uses source code from the 2015 backdoor Trojan Duuzer of Lazarus (APT38 aka Hidden Cobra) in a new framework to infiltrate these key industries. But this time the North Korean state-sponsored group could be innocent. For McAfee, "Operation Sharpshooter's numerous technical links to the Lazarus Group seem too obvious to immediately draw the conclusion that they are responsible for the attacks, and instead indicate a potential for false flags".
The malicious hackers have launched cyber attacks against 84 companies, mostly based in the U.S. Maybe they're trying to impersonate the Lazarus (APT38 aka Hidden Cobra) North Korean state-sponsored hackers
The malicious hackers have targeted dozens of companies, mostly based in the U.S., in a sophisticated cyber espionage campaign. The threat actors have tried to penetrate the computer networks of at least 87 entities in the nuclear, defense, energy and financial industries since late October. Employees of the targeted organizations were contacted over social media with Dropbox links to Microsoft Word documents. These purported to contain job recruitment information. In reality, the documents hid the Rising Sun malware, which enabled the hackers to gain access to their systems. The goal is to gain intelligence. This campaign could be just a first-stage reconnaissance operation, or there will be more. The novelty is that maybe someone is trying to impersonate Lazarus and trick the cyber security experts, to cover their tracks.