Friday, January 15, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Privacy

Researchers Link ‘Sharpshooter’ Cyber Attacks to North Korean Hackers

March 4, 2019
in Internet Privacy
Researchers Link ‘Sharpshooter’ Cyber Attacks to North Korean Hackers
586
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Credit: The Hacker News

Security researchers have finally, with “high confidence,” linked a previously discovered global cyber espionage campaign targeting critical infrastructure around the world to a North Korean APT hacking group.

You might also like

Experts Uncover Malware Attacks Against Colombian Government and Companies

Microsoft Issues Patches for Defender Zero-Day and 82 Other Windows Flaws

Authorities Take Down World’s Largest Illegal Dark Web Marketplace

Thanks to the new evidence collected by researchers after analyzing a command-and-control (C2) server involved in the espionage campaign and seized by law enforcement.

Dubbed Operation Sharpshooter, the cyber espionage campaign targeting government, defense, nuclear, energy, and financial organizations around the world was initially uncovered in December 2018 by security researchers at McAfee.

At that time, even after finding numerous technical links to the North Korean Lazarus hacking group, researchers were not able to immediately attribute the campaign due to a potential for false flags.

Researchers Analysed Sharpshooter’s Command Server

Now, according to a press release shared with The Hacker News, a recent analysis of the seized code and command-and-control (C2) server allowed researchers to understand the inner working of the global cyber espionage campaign, concluding that the North Korean state-sponsored hacking group is behind Operation Sharpshooter.

Lazarus Group, also known as Hidden Cobra and Guardians of Peace, is believed to be backed by the North Korean government and had reportedly been associated with the 2017 global WannaCry ransomware attack, the 2016 SWIFT Banking hack, as well as the 2014 Sony Pictures hack.

The analysis also revealed that the global espionage campaign began as early as September 2017, a year earlier than previously thought and is still ongoing.

While previous attacks were primarily targeting telecommunications, government and financial sectors in the United States, Switzerland, and Israel, and other English-speaking countries, newly-discovered evidence suggests that Sharpshooter has expanded its focus to critical infrastructure, with the most recent attacks targeting Germany, Turkey, the United Kingdom, and the United States.

Operation Sharpshooter: Global Cyber-Espionage Campaign

The global espionage campaign spreads by sending malicious documents containing a weaponized macro to targets via Dropbox. Once opened and downloaded, the macro leverages embedded shellcode to inject the Sharpshooter downloader into the memory of Microsoft Word.

cyber espionage attacks North Korean hackers

For further exploitation, this in-memory implant then covertly downloads the second-stage Rising Sun malware, which uses source code from the Lazarus Group’s backdoor Trojan Duuzer, malware first circulated in 2015 targeting organizations in South Korea.

The Rising Sun malware then performs reconnaissance on the victim’s network by gathering and encrypting data, including victim devices’ computer name, IP address data, native system information and more.

“Access to the adversary’s command-and-control server code is a rare opportunity. These systems provide insights into the inner workings of cyber attack infrastructure, are typically seized by law enforcement, and only rarely made available to private sector researchers,” said Christiaan Beek, McAfee senior principal engineer, and lead scientist.

“The insights gained through access to this code are indispensable in the effort to understand and combat today’s most prominent and sophisticated cyber attack campaigns.”

Moreover, analysis of the C2 server and file logs also revealed an African connection, as the researchers uncovered a network block of IP addresses originating from a city located in the African nation of Namibia.

“This led McAfee Advanced Threat Research analysts to suspect that the actors behind Sharpshooter may have tested their implants and other techniques in this area of the world prior to launching their broader campaign of attacks,” the researchers say.

The C2 infrastructure used by the attackers has a core backend written in Hypertext Preprocessor (PHP), and Active Server Pages (ASP), which “appears to be custom and unique to the group” and has been part of the Lazarus operations since 2017.


Credit: The Hacker News By: noreply@blogger.com (Mohit Kumar)

Previous Post

Data Scientists Role & Ethics

Next Post

Chinese hackers use phishing emails to target engineering, transport and defence companies

Related Posts

Experts Uncover Malware Attacks Against Colombian Government and Companies
Internet Privacy

Experts Uncover Malware Attacks Against Colombian Government and Companies

January 14, 2021
Microsoft Issues Patches for Defender Zero-Day and 82 Other Windows Flaws
Internet Privacy

Microsoft Issues Patches for Defender Zero-Day and 82 Other Windows Flaws

January 14, 2021
Authorities Take Down World’s Largest Illegal Dark Web Marketplace
Internet Privacy

Authorities Take Down World’s Largest Illegal Dark Web Marketplace

January 14, 2021
Buyer’s Guide for Securing Internal Environment with a Small Cybersecurity Team
Internet Privacy

Buyer’s Guide for Securing Internal Environment with a Small Cybersecurity Team

January 13, 2021
Intel Adds Hardware-Enabled Ransomware Detection to 11th Gen vPro Chips
Internet Privacy

Intel Adds Hardware-Enabled Ransomware Detection to 11th Gen vPro Chips

January 13, 2021
Next Post
Google announces Kubernetes Operator for Apache Spark

Chinese hackers use phishing emails to target engineering, transport and defence companies

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Toyota slapped with $180 million fine for violating Clean Air Act
Internet Security

Toyota slapped with $180 million fine for violating Clean Air Act

January 15, 2021
AI Research at Amazon: Brand Voice, Entanglement Frontier, Humor Recognition  
Artificial Intelligence

AI Research at Amazon: Brand Voice, Entanglement Frontier, Humor Recognition  

January 15, 2021
Machine Learning in Manufacturing Market 2020 Report Forecast By Global Industry Trends, Future Growth, Regional Overview
Machine Learning

Machine Learning in Manufacturing Market 2020 Report Forecast By Global Industry Trends, Future Growth, Regional Overview

January 15, 2021
More than 10mil users installed Android apps that showed out-of-context ads
Internet Security

More than 10mil users installed Android apps that showed out-of-context ads

January 15, 2021
Chief Data Scientist Seen as Bridging CTO to Business Managers 
Artificial Intelligence

Chief Data Scientist Seen as Bridging CTO to Business Managers 

January 15, 2021
Data Science and Machine Learning Service Market size and Key Trends in terms of volume and value 2020-2025
Machine Learning

Data Science and Machine Learning Service Market size and Key Trends in terms of volume and value 2020-2025

January 15, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Toyota slapped with $180 million fine for violating Clean Air Act January 15, 2021
  • AI Research at Amazon: Brand Voice, Entanglement Frontier, Humor Recognition   January 15, 2021
  • Machine Learning in Manufacturing Market 2020 Report Forecast By Global Industry Trends, Future Growth, Regional Overview January 15, 2021
  • More than 10mil users installed Android apps that showed out-of-context ads January 15, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates