Best Top Reviews Online

Cyber Attacks Linked to North Korean Hackers, According to Researchers

A North Korean state-sponsored hacking group has been linked with “high confidence” to a previously disclosed global cyber espionage campaign that targets critical infrastructure around the world.

The attribution rests on new evidence collected by researchers who analyzed a command-and-control (C2) server, seized by law enforcement, that was used in the campaign.

The cyber espionage campaign, dubbed Operation Sharpshooter, targeted government, defense, nuclear, energy, and financial organizations worldwide and was discovered by McAfee security researchers in December 2018.

Although they found numerous technical links to the North Korean Lazarus hacking group, researchers were not able to attribute the campaign at the time because those links could have been false flags planted to mislead analysts.

Researchers Analysed Sharpshooter’s Command Server

Now, according to a press release shared with The Hacker News, analysis of the seized C2 server and its source code has allowed researchers to understand the inner workings of the campaign and has led them to conclude that the North Korean state-sponsored group is behind Operation Sharpshooter.

Lazarus Group, also known as Hidden Cobra and Guardians of Peace, is believed to be backed by the North Korean government and has been linked to the global WannaCry ransomware outbreak of 2017, the 2016 SWIFT heist against Bangladesh Bank, and the 2014 Sony Pictures hack.

The analysis also revealed that the campaign began as early as September 2017, a year earlier than previously believed, and is still ongoing.

Newly discovered evidence suggests that Sharpshooter has widened its focus to include critical infrastructure, with the most recent attacks targeting Germany, Turkey, the United Kingdom, and the United States.

Global Cyber-Espionage Campaign: Operation Sharpshooter

The campaign spreads through malicious documents delivered via Dropbox that carry a weaponized macro. Once the document is downloaded and opened, the macro uses embedded shellcode to inject the Sharpshooter downloader directly into Microsoft Word’s memory, so no second executable is written to disk at this stage.

This in-memory implant then covertly downloads the second-stage Rising Sun malware, which reuses source code from Duuzer, a Lazarus Group backdoor Trojan first deployed against South Korean organizations in 2015.

Rising Sun then performs reconnaissance on the victim’s network, gathering and encrypting data such as the computer name, IP address, and native system information of the compromised devices, among other details.
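Because the downloader described above runs inside Word’s own process, the fetch of the second stage shows up in endpoint telemetry as WINWORD.EXE itself opening an outbound connection, which is something an Office application rarely needs to do. The following script is an added example, not code from the article or from McAfee: it scans Sysmon-style network-connection records (Event ID 3) and flags Office processes talking to non-internal hosts. The field names follow Sysmon’s schema, but the log lines, hostnames, user names and IP addresses are constructed for the example, and the allowlist of known-good destinations is an assumption a real deployment would have to fill in.

```python
"""Flag Office processes that open outbound network connections.

Added example (not from the page or McAfee). Scans constructed
Sysmon-style JSON records and reports Office binaries connecting to
hosts outside the internal ranges.
"""
import ipaddress
import json

# Office binaries that should essentially never initiate connections to
# arbitrary Internet hosts from a workstation (compared lower-cased).
OFFICE_IMAGES = {"winword.exe", "excel.exe", "powerpnt.exe"}

# Internal ranges are listed explicitly rather than via is_private so the
# documentation addresses used as stand-ins below count as "external".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample in the shape of Sysmon events exported as JSON lines.
# Every value here is invented; TEST-NET addresses stand in for real ones.
SAMPLE_LOG = """\
{"EventID":3,"Image":"C:\\\\Program Files\\\\Microsoft Office\\\\root\\\\Office16\\\\WINWORD.EXE","ProcessId":4120,"User":"CORP\\\\jdoe","DestinationIp":"203.0.113.45","DestinationPort":443,"Protocol":"tcp","UtcTime":"2019-03-04 10:15:22.113"}
{"EventID":3,"Image":"C:\\\\Program Files\\\\Mozilla Firefox\\\\firefox.exe","ProcessId":5532,"User":"CORP\\\\jdoe","DestinationIp":"198.51.100.7","DestinationPort":443,"Protocol":"tcp","UtcTime":"2019-03-04 10:15:23.001"}
{"EventID":3,"Image":"C:\\\\Program Files\\\\Microsoft Office\\\\root\\\\Office16\\\\WINWORD.EXE","ProcessId":4120,"User":"CORP\\\\jdoe","DestinationIp":"10.0.0.12","DestinationPort":445,"Protocol":"tcp","UtcTime":"2019-03-04 10:15:24.500"}
{"EventID":1,"Image":"C:\\\\Program Files\\\\Microsoft Office\\\\root\\\\Office16\\\\WINWORD.EXE","ProcessId":4120,"User":"CORP\\\\jdoe","CommandLine":"WINWORD.EXE /n C:\\\\Users\\\\jdoe\\\\Downloads\\\\Job_Description.docx","UtcTime":"2019-03-04 10:14:58.000"}
"""


def image_basename(image: str) -> str:
    """Return the lower-cased file name from a Windows image path."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_internal(ip: str) -> bool:
    """True if ip parses and falls inside one of INTERNAL_NETS."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)


def find_office_egress(log_text: str, allow_dest=frozenset()):
    """Return alerts for Office processes connecting to non-internal hosts.

    Only Event ID 3 (NetworkConnect) records are inspected; other event
    types are skipped. Destinations in allow_dest (e.g. known Microsoft
    licensing endpoints, an assumption for this example) are ignored.
    """
    alerts = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        if ev.get("EventID") != 3:
            continue
        image = image_basename(ev.get("Image", ""))
        dest = ev.get("DestinationIp", "")
        if image not in OFFICE_IMAGES or is_internal(dest) or dest in allow_dest:
            continue
        alerts.append({
            "time": ev.get("UtcTime"),
            "image": image,
            "pid": ev.get("ProcessId"),
            "user": ev.get("User"),
            "dest": f"{dest}:{ev.get('DestinationPort')}",
        })
    return alerts


if __name__ == "__main__":
    for a in find_office_egress(SAMPLE_LOG):
        print(f"[{a['time']}] {a['image']} (pid {a['pid']}, {a['user']}) -> {a['dest']}")
```

On the constructed sample only the first record fires: Word reaching an external host on port 443. The browser connection and Word’s SMB connection to an internal file server are ignored, as is the process-creation event. In practice Office does contact Microsoft licensing, update and cloud endpoints, so the allowlist (and correlation with the document path from the matching Event ID 1 record) is what keeps this rule from drowning in false positives.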

“It is uncommon to have access to the adversary’s command-and-control server’s source code. These systems, which offer insight into the inner workings of cyber attack infrastructure, are typically seized by law enforcement and are rarely made available to private sector researchers,” said McAfee’s senior principal engineer and chief scientist, Christiaan Beek.

“Access to this code is indispensable for understanding and combating the most prominent and sophisticated cyber attack campaigns of the present day.”

In addition, an examination of the C2 server and file logs revealed an African connection, as the researchers discovered a network block of IP addresses originating from a city in the African nation of Namibia.

“This led McAfee Advanced Threat Research analysts to suspect that the actors behind Sharpshooter tested their implants and other techniques in this region of the world before launching their larger attack campaign,” the researchers say.

The attackers’ C2 infrastructure uses a PHP and ASP backend that “appears to be custom and unique to the group” and has been part of Lazarus operations since 2017.

The above article was written by the BestTopReviewsOnline team, which consists of some of the most knowledgeable technical experts in the United States. Our team consists of highly regarded writers with vast experience in smartphones, computer components, technology apps, security, and photography, among other fields.
