It is with a heavy heart that we must inform you hackers are targeting ‘nuclear, defense, energy, financial’ biz
Hackers are targeting critical infrastructure providers, including nuclear power and defense agencies, in what may be a state-sponsored attack that’s hiding behind North Korean code.
Discovered by McAfee and dubbed “Sharpshooter”, the operation has been running since November, largely focusing on US-based or English-speaking companies and agencies around the world with an emphasis on nuclear, defense, energy, and financial businesses.
It appears that, for now, the hacking operation is focused mostly on reconnaissance and harvesting sensitive information from the infected machines. McAfee did not note any behavior related to damaging or sabotaging infrastructure.
As with most well-organized cyber-raids, the Sharpshooter operation goes after key members of the targeted companies with phishing emails that are tightly targeted, in this case pretending to be from a job recruiting agency seeking English-speaking applicants, we were told today.
The emails contain poisoned Word documents (researchers note the version used to craft them was Korean-localized) that then look to install the first piece of malware: an in-memory module that dials up a control server.
Once connected to the control server, the infected PC then downloads and executes a secondary malware payload known as Rising Sun. The Rising Sun malware does most of the heavy lifting in the campaign, monitoring network activity as well as collecting information from the infected machine that is then encrypted and sent back to the control servers.