Global hacking campaign targets critical infrastructure
A group of hackers has targeted dozens of companies around the world in recent months with a sophisticated cyber espionage attack on critical infrastructure, according to new research published Wednesday.
The campaign used malware to try to penetrate the computer systems for at least 87 companies in the nuclear, defense, energy and financial industries in October and November, according to a report by internet security company McAfee. The report (PDF) didn’t identify any of the targeted businesses, most of which McAfee said were based in the US.
Organizations running the nation’s energy, nuclear and other critical infrastructure have become frequent targets for cyberattacks in recent years. In a 2013 executive order, President Barack Obama called cyberattacks “one of the most serious national security challenges we must confront.”
President Donald Trump signed an executive order last year designed to protect federal networks, critical infrastructure and the public online.
Dubbed Operation Sharpshooter, the campaign masqueraded as job recruitment activity to get targets to open malicious documents. Those documents delivered an implant called Rising Sun, a backdoor that gives the attackers the ability to extract intelligence from the infected machine, McAfee said.
“Operation Sharpshooter is yet another example of a sophisticated, targeted attack being used to gain intelligence for malicious actors,” Raj Samani, chief scientist and fellow at McAfee told CNET sister site ZDNet.
“However, despite its sophistication, this campaign depends on a certain degree of social engineering which, with vigilance and communication from businesses, can be easily mitigated,” Samani said.
The malware used in the attack bears striking similarities to code used by the Lazarus Group, a powerful North Korean hacking unit. Some cybersecurity researchers have blamed Lazarus Group for an infamous 2014 attack and for a massive attack that crippled more than 300,000 computers in 150 countries.
“According to our analysis, the Rising Sun implant uses source code from the Lazarus Group’s 2015 backdoor Trojan Duuzer in a new framework to infiltrate these key industries,” the report said.
However, McAfee cautioned that the numerous links to Lazarus “seem too obvious” to conclude the group was responsible for the attacks and that they could be “false flags” intended to assign blame.