“Hackers are targeting critical infrastructure providers, including nuclear power and defense agencies, in what may be a state-sponsored attack that’s hiding behind North Korean code,” Shaun Nichols reports for The Register. “Discovered by McAfee and dubbed ‘Sharpshooter,’ the operation has been running since November, largely focusing on US-based or English-speaking companies and agencies around the world with an emphasis on nuclear, defense, energy, and financial businesses.”
“It appears that, for now, the hacking operation is focused mostly on reconnaissance and harvesting sensitive information from the infected machines,” Nichols reports. “McAfee did not note any behavior related to damaging or sabotaging infrastructure.”
“As with most well-organized cyber-raids, the Sharpshooter operation goes after key members of the targeted companies with phishing emails that pretend to be from a job recruiting agency seeking English-speaking applicants, we were told today,” Nichols reports. “The emails contain poisoned Word documents (researchers note the version used to craft them was Korean-localized) that then look to install the first piece of malware: an in-memory module that dials up a control server.”
Read more in the full article here.
MacDailyNews Take: Wonderful.
More details via McAfee’s blog post here.