Operation Sharpshooter Targets Nuke and Defense Firms

Security researchers have discovered a major targeted attack campaign aimed at stealing info from scores of mainly English-speaking organizations around the world and using source code from the infamous Lazarus Group. What McAfee has dubbed “Operation Sharpshooter” targets government, defence, nuclear, energy and financial organizations, mainly in the US but also the UK, Canada, Australia, New Zealand, Russia, India and elsewhere. Some 87 organizations have so far been found to be infected with the Rising Sun implant, a modular backdoor which allows the attackers to perform reconnaissance by accessing sensitive information including documents, usernames, network configuration and system settings. Although not previously seen, the implant draws on source code from the Lazarus Group’s 2015 backdoor Trojan Duuzer, used in the notorious attack on Sony Pictures Entertainment. However, McAfee is not attributing the campaign to North Korea — in fact, the “numerous technical links” to the group raise the possibility that this is a false flag, it claimed.