
Spy campaign targeting nuclear, defence companies globally identified


Researchers at cybersecurity major McAfee have discovered a new global spy campaign targeting nuclear, defence, energy and financial companies.

This campaign, while masquerading as legitimate industry job recruitment activity, gathers information to monitor for potential exploitation, the Santa Clara, California-headquartered McAfee said in a blog post on Wednesday.

The espionage programme has links to the Lazarus Group, which is believed to have connections to the North Korean government.

This campaign, dubbed Operation Sharpshooter, leverages an in-memory implant to download and retrieve a second-stage implant, which McAfee calls Rising Sun, for further exploitation.


According to the cybersecurity company’s analysis, the Rising Sun implant uses source code from the Lazarus Group’s 2015 backdoor Trojan Duuzer in a new framework to infiltrate these key industries.

McAfee researchers found that the Rising Sun implant appeared in 87 organisations across the globe, predominantly in the US, between October and November 2018.

Based on other campaigns with similar behaviour, most of the targeted organisations are English speaking or have an English-speaking regional office, McAfee’s Ryan Sherstobitoff and Asheer Malhotra wrote.

The McAfee Advanced Threat Research team found that the majority of the targets were defence and government-related organisations.
