McAfee cyber security experts discover Operation Sharpshooter. It uses the Rising Sun malware for cyber espionage against nuclear, defense, energy, and financial companies.
Malicious hackers have launched a new global campaign targeting nuclear, defense, energy, and financial companies. It was discovered by McAfee cyber security experts, and has been dubbed “Operation Sharpshooter”. It leverages an in-memory implant to download and retrieve a second-stage malware, called Rising Sun, for further exploitation. According to the company’s blog, it uses source code from Duuzer, the 2015 backdoor Trojan of Lazarus (APT38 aka Hidden Cobra), in a new framework to infiltrate these key industries. But this time the North Korean state-sponsored group could be innocent. For McAfee, “Operation Sharpshooter’s numerous technical links to the Lazarus Group seem too obvious to immediately draw the conclusion that they are responsible for the attacks, and instead indicate a potential for false flags”.
The malicious hackers have launched cyber attacks against 84 companies, mostly based in the U.S. Maybe they’re trying to impersonate the North Korean state-sponsored hackers of Lazarus (APT38 aka Hidden Cobra).
The malicious hackers have targeted dozens of companies, mostly based in the U.S., in a sophisticated cyber espionage campaign. The threat actors have tried to penetrate the computer networks of at least 87 entities in the nuclear, defense, energy and financial industries since late October. Employees of the targeted organizations were contacted over social media with Dropbox links to Microsoft Word documents that purported to contain job recruitment information. In reality, the documents hid the Rising Sun malware, which enabled the hackers to gain access to their systems. The goal is to gain intelligence. This campaign could be just a first-stage reconnaissance operation, or more may follow. The novelty is that maybe someone is trying to impersonate Lazarus and trick the cyber security experts in order to cover their tracks.