McAfee uncovers "Sharpshooter" malware attacking critical infrastructure


McAfee says it has uncovered a major cybercrime operation named "Sharpshooter" that is attacking nuclear, defense, energy, and financial businesses.

The attack is reportedly conducted by North Korean state-sponsored attackers targeting companies in the US, or English-speaking companies around the world.

At this point in time, the hackers aren't making any concrete moves, but instead, are focused on data gathering, getting as much information about their target systems as they can.

This appears to be through highly personalised phishing attacks posing as a job recruiting agency, sending Word documents in localised Korean that are actually hiding malware, allowing the hackers to install an in-memory module that dials up a control server.

Then, if the PC manages to connect to the server, it downloads the actual malware, called Rising Sun, which monitors network activity, gathers information from infected systems, and sends it back home.

The attack is inspired by the Lazarus Group and their methods, McAfee says, insinuating that it might be the same group this time around, as well.

"Operation Sharpshooter’s numerous technical links to the Lazarus Group seem too obvious to immediately draw the conclusion that they are responsible for the attacks, and instead indicate a potential for false flags," McAfee says.
