San Francisco, Dec 13 (IANS) Researchers at cybersecurity major McAfee have discovered a new global spy campaign targeting nuclear, defence, energy and financial companies.
This campaign, while masquerading as legitimate industry job recruitment activity, gathers information to monitor for potential exploitation, the Santa Clara, California-headquartered McAfee said in a blog post on Wednesday.
The espionage programme has links to the Lazarus Group, which is believed to have connections to the North Korean government.
This campaign, dubbed Operation Sharpshooter, leverages an in-memory implant to download and retrieve a second-stage implant — which McAfee calls Rising Sun — for further exploitation.
According to the cybersecurity company’s analysis, the Rising Sun implant uses source code from the Lazarus Group’s 2015 backdoor Trojan Duuzer in a new framework to infiltrate these key industries.
McAfee researchers found that the Rising Sun implant appeared in 87 organisations across the globe, predominantly in the US, between October and November 2018.
Based on other campaigns with similar behaviour, most of the targeted organisations are English-speaking or have an English-speaking regional office, McAfee’s Ryan Sherstobitoff and Asheer Malhotra wrote.
The McAfee Advanced Threat Research team found that the majority of targets were defence and government-related organisations.