Researchers at cybersecurity major McAfee have discovered a new global spy campaign targeting nuclear, defence, energy and financial companies.
This campaign, while masquerading as legitimate industry job recruitment activity, gathers information to monitor for potential exploitation, the Santa Clara, California-headquartered McAfee said in a blog post on Wednesday.
The espionage programme has links to the Lazarus Group which is believed to have connections to the North Korean government.
This campaign, dubbed Operation Sharpshooter, leverages an in-memory implant to download and retrieve a second stage implant — which McAfee calls Rising Sun — for further exploitation.
According to the cybersecurity company’s analysis, the Rising Sun implant uses source code from the Lazarus Group’s 2015 backdoor Trojan Duuzer in a new framework to infiltrate these key industries.
McAfee researchers found that the Rising Sun implant appeared in 87 organisations across the globe, predominantly in the US, between October and November 2018.
Based on other campaigns with similar behaviour, most of the targeted organisations are English speaking or have an English-speaking regional office, McAfee’s Ryan Sherstobitoff and Asheer Malhotra wrote.
The McAfee Advanced Threat Research team found that the majority of the targets were defence and government-related organisations.
Also read: Is Windows Defender good enough for your PC?
More in News
- NASA’s Osiris-Rex probe finds water on asteroid Bennu
- Honor 8C review: Big battery and a decent camera at the back
- NASA’s Juno mission to cross halfway to Jupiter next week
- Facebook makes it easier for users to remember and share life events
- Google revamps shopping search in India with more comparisons