North Korea-linked hackers growing in reach and sophistication, McAfee warns

A computer hacking group with links to the North Korean government has a wider reach and is more sophisticated than was initially believed, according to the computer security firm McAfee. The group, dubbed Lazarus by cybersecurity experts, is believed to be connected with Guardians of Peace, the hacker team that orchestrated the 2014 attacks on Sony Pictures Entertainment. The company drew the ire of the North Korean government for producing The Interview, a black comedy based on a fictional attempt by two Americans to assassinate North Korean leader Kim Jong-un. Known collectively as ‘the Sony Pictures hack’, the attacks included the compromise of internal documents and unreleased copies of films produced by Sony, as well as personal attacks on Sony executives and members of their families. There were also attempts to damage Sony’s digital infrastructure, which cost the company an undisclosed amount in damages, believed to be in the millions of dollars.

In February of last year, the computer security software company McAfee said that Lazarus was behind an ongoing campaign targeting global banks and bitcoin users. On Sunday, the California-based firm said that Lazarus was responsible for what its experts call Operation SHARPSHOOTER, a widespread effort to compromise key industries across several continents. Speaking at the RSA IT security conference in San Francisco, McAfee experts said that SHARPSHOOTER began as early as September of 2017, and that it was first detected in December of 2018. By that time, said McAfee, around 80 firms and organizations had been targeted by Lazarus. But in recent months, it has become clear that SHARPSHOOTER is “more extensive in complexity, scope and duration” than previously thought, according to McAfee experts. They added that they drew this conclusion based on “command-and-control server code” data that was made available to them by an unnamed “government entity”. This is the type of forensic data that is customarily seized by government agencies and is rarely made available to cybersecurity researchers in the private sector, said the McAfee representatives. This “non-typical access” afforded McAfee technical experts “a rare opportunity” to examine “the inner workings [of Lazarus’] cyberattack infrastructure”, they added.

As a result, the company’s “confidence levels are now much higher” that Lazarus is targeting key agencies and industries, including government organizations involved with national defense, energy and critical infrastructure. Most of Lazarus’ targets are in the United States, Germany and Turkey. But smaller attacks have been detected in Asia and Africa, in countries such as the Philippines and Namibia. Many attacks begin with so-called ‘spearphishing’ attempts, which target particular employees of agencies or firms. These attacks center on emails that are “masked as extremely convincing job recruitments”. The emails contain links to malware-infected Microsoft Word or Adobe PDF files hosted on popular file-sharing platforms like Dropbox, said McAfee.

Author: Joseph Fitsanakis | Date: 05 March 2019

2 Responses to North Korea-linked hackers growing in reach and sophistication, McAfee warns

  1. anon says:

    FYI, it’s spelled McAfee, with one “f.”

  2. intelNews says:

    @anon: Indeed it is; thank you for this correction. [JF]
