A recent global campaign targeting defense, financial, energy, and nuclear companies has been discovered. Dubbed ‘Operation Sharpshooter,’ the campaign saw a group of hackers target critical infrastructure using an advanced malware and social engineering attack. Per Ryan Sherstobitoff and Asheer Malhotra of McAfee, “this campaign, Operation Sharpshooter, leverages an in-memory implant to download and retrieve a second-stage implant—which we call Rising Sun—for further exploitation.”
Operation Sharpshooter used job-recruiting lures to persuade targets to open malicious documents; these documents contained an implant called Rising Sun, which leverages malicious source code tied to ‘The Lazarus Group,’ believed to be based out of North Korea. You might have heard of The Lazarus Group’s speculated involvement in the Sony Pictures breach.
While the tools used in Operation Sharpshooter and The Lazarus Group’s attacks share similarities, it is important to note the potential for false flags, in which the actual perpetrators push the blame onto a different group to cover their tracks. Rising Sun first opens a back door and gathers and encrypts data, then sends data such as IP addresses, system settings, and network configuration to a control server.
In recent years, attacks on critical infrastructure have been on the rise, through former President Barack Obama’s term and now into President Trump’s time in office. Last year, President Trump signed an executive order to improve cybersecurity in the United States; while this order was created shortly after the news of Russian interference in the election, its potential benefits extend far beyond securing voting methods.
These attacks showcase how lacking our nation’s cyber defense really is, which further strengthens the case for the 4.1% ($583 million) increase in funds allocated for advancing the United States’ cybersecurity in 2019. Hopefully, these attacks illuminate the dark area that is our cyber defense capabilities. As I predicted in an earlier post, these attacks will continue to increase in number and sophistication as the popularity of the IoT (Internet of Things) and automation expands in 2019.
Sherstobitoff, Ryan; Malhotra, Asheer. 13 Dec 2018. McAfee. Operation Sharpshooter. Retrieved from https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-sharpshooter.pdf
Ng, Alfred. 11 May 2017. CNET. Trump’s cybersecurity order: Out with ‘antiquated systems.’ Retrieved from https://www.cnet.com/news/president-trump-signs-cybersecurity-executive-order/
White House. 13 Dec 2018. FY 2019. Retrieved from https://www.whitehouse.gov/wp-content/uploads/2018/02/ap_21_cyber_security-fy2019.pdf