McAfee’s research team has found a new malware campaign that has targeted dozens of private and government organizations around the world.
The malware campaign, dubbed “Operation Sharpshooter”, has targeted more than 100 organizations in 24 countries in just a few weeks. The organizations affected by the campaign include nuclear, defense, energy, and financial companies.
The hackers send a phishing email that gives the reader the impression of a recruitment message. Once he/she opens the message, the Rising Sun implant is installed on the device, providing a fully functional, modular backdoor that performs reconnaissance on the victim’s network.
Once the Rising Sun implant is set up, attackers gain full access to machine-level information, including documents, usernames, network configuration, and system settings.
“We know that this campaign was intended to conduct espionage, indeed it was only recently launched. The question of the ultimate purpose remains to be seen,” Raj Samani, chief scientist at McAfee, told CNBC.
“In many cases, such attacks are a precursor for something else, however, we are hopeful that identifying and sharing the details will prevent the true nature of the campaign from being carried out.”
According to the primary investigation, the attack could be linked to the Lazarus Group, a cybercrime group associated with North Korea, because it uses the same source code as a hack that targeted South Korean firms in 2015.
The “numerous technical links to the Lazarus Group seem too obvious to immediately draw the conclusion that they are responsible for the attacks, and instead indicate a potential for false flags,” the research said.