Cyber Campaign Launched Against U.S. Critical Infrastructure and Defense Industries


Dozens of major companies, including some in the nuclear industry, were targeted in a cyber espionage campaign that began in late October, according to a spokesperson at McAfee.

According to Raj Samani, chief scientist at McAfee, 87 firms were enmeshed in the cyber assault. Individuals at the affected companies received job recruitment material through social media. These materials directed them to Microsoft Word documents via a Dropbox link. The documents contained malware that allowed hackers to access their systems.

A report from McAfee said that the hackers “tried to penetrate the computer networks of at least 87 companies in the nuclear, defense, energy and financial industries.”

“We don’t know what their ultimate purpose is,” said Samani, adding it is “quite likely” they were able to penetrate the company networks.

The code used in the malware is a signature of the so-called Lazarus Group, which is associated with the North Korean government’s intelligence services. However, McAfee also cautioned that this could be a false flag operation.

The McAfee Advanced Threat Research team and McAfee Labs Malware Operations Group have discovered a new global campaign targeting nuclear, defense, energy, and financial companies, based on McAfee® Global Threat Intelligence. This campaign, Operation Sharpshooter, leverages an in-memory implant to download and retrieve a second-stage implant—which we call Rising Sun—for further exploitation. According to our analysis, the Rising Sun implant uses source code from the Lazarus Group’s 2015 backdoor Trojan Duuzer in a new framework to infiltrate these key industries.
