Cyber espionage campaign linked to North Korea

A prominent hacking group tied to North Korea is believed to be behind an extensive cyber espionage campaign that has targeted key sectors, including government, defense, energy and critical infrastructure organizations, security firm McAfee revealed Sunday.

The hacking group Lazarus continues to carry out these attacks in what McAfee calls “Operation Sharpshooter.”

The firm, which says it discovered the operation in December 2018, believes the campaign could’ve started as early as September 2017 and that it is “more extensive in complexity, scope and duration of operations” than previously believed. At the time, McAfee said they had found that roughly 80 organizations across a series of key industries were targeted.

The firm says it was able to attribute the cyber espionage campaign to the Lazarus Group because a government entity provided “command-and-control” data to McAfee for analysis — data that revealed “technical indicators and procedures that overlap between the two,” according to McAfee’s report.

“Until now, there wasn’t enough technical evidence for the threat research team to confidently attribute the attacks to Lazarus, but due to the non-typical access McAfee had to the data on the seized control servers the adversaries used, confidence levels are now much higher,” the report says.