McAfee Confirms Operation Sharpshooter Link to North Korea

Researchers have confirmed the Operation Sharpshooter APT campaign uncovered in December 2018 is likely the work of North Korean hackers, and has been active for a year longer than previously thought. McAfee revealed today that it was given a rare insight into the inner workings of such a group after a government entity handed over code and data from a key command-and-control (C&C) server. This helped it conclude that the campaign was more complex, wide-ranging and long-lasting than at first thought. In fact, it’s believed to have begun in September 2017 and is still active today, focusing on finance, government and critical infrastructure targets primarily in Germany, Turkey, the UK and US. McAfee first revealed its analysis of Operation Sharpshooter in December last year, claiming it targeted government, defense, nuclear, energy and financial organizations — infecting 87 of them with a modular backdoor implant known as Rising Sun.