[BreachExchange] Govt. Cyberattacks May Be Linked To Lazarus Group

Destry Winant destry at riskbasedsecurity.com
Fri Dec 14 08:40:45 EST 2018


https://www.pymnts.com/news/security-and-risk/2018/cybercriminal-attacks-hackers-lazarus-group/

Dozens of companies around the world were infiltrated by hackers using
malicious software programmed to steal information, according to a
report by CNBC.

The cybersecurity firm McAfee released research on Dec. 12
describing the campaign, called Operation Sharpshooter. The
campaign targeted defense and government organizations.

The attacks ran from October through November. The hackers targeted 87
entities using phishing methods through social media. The messages
were disguised as recruitment campaigns to entice users to open them.

Once a user opened the message, a program called “Rising Sun” was
installed. The program gave hackers backdoor access and allowed the
criminals to steal information. The hackers got IP addresses,
usernames, and network and system settings data.

Raj Samani, a chief scientist at McAfee, said they’re still figuring
out what the hackers ultimately wanted. “We know that this campaign
was intended to conduct espionage – indeed, it was only recently
launched. The question of the ultimate purpose remains to be seen,” he
said. “In many cases, such attacks are a precursor for something else;
however, we are hopeful that identifying and sharing the details will
prevent the true nature of the campaign from being carried out.”

The attack could be linked to the Lazarus Group, a collective of
cybercriminals that’s been associated with North Korea, as the source
code of the attack drew from the group’s 2015 hack of South Korea.
It’s not a certainty, though, and McAfee researchers think it might be
too obvious, and that the Lazarus connection is a false flag meant to
divert attention from the true perpetrators.

“The original malicious documents were hosted in the U.S.,” Samani
said. “In terms of attribution, certainly there are similarities with
tactics and code previously attributed to the Lazarus Group – however,
we are conscious that this may be an intentional tactic to make it
appear so.”

McAfee’s report didn’t identify companies by name, but did say that
the attack affected 87 companies across 24 countries, including the
U.S., U.K. and Russia.


More information about the BreachExchange mailing list