“It appears that, for now, the hacking operation is focused mostly on reconnaissance and harvesting sensitive information from the infected machines,” Nichols reports. “McAfee did not note any behavior related to damaging or sabotaging infrastructure.”
“As with most well-organized cyber-raids, the Sharpshooter operation goes after key members of the targeted companies with phishing emails that pretend to be from a job recruiting agency seeking English-speaking applicants, we were told today,” Nichols reports. “The emails contain poisoned Word documents (researchers note the version used to craft them was Korean-localized) that then look to install the first piece of malware: an in-memory module that dials up a control server.”
Read more in the full article here.
MacDailyNews Take: Wonderful.
More details via McAfee’s blog post here.