Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India

Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

Oops, our bad. Sharpshooter malware was the Norks’ Lazarus Group the whole time

Credit: The Register

McAfee (the antivirus firm, not John the dodgy “playboy”) reckons the Sharpshooter campaign it uncovered in late 2018 is the work of North Korean hacking crew the Lazarus Group.

Thanks to from a command-and-control server that was “provided to McAfee for analysis by a government entity that is familiar with McAfee’s published research on this malware campaign”, researchers were able to link Sharpshooter to earlier Lazarus Group activity from 2017.

The latest malware effort appears, according to McAfee, to be focused on “finance, government and critical infrastructure around the globe, primarily in Germany, Turkey, UK and the US”.

Its attribution of Sharpshooter to the Lazarus Group today is a reversal of its previous position in December 2018, when McAfee said the “numerous technical links to the Lazarus Group seem too obvious to immediately draw the conclusion that they are responsible for the attacks”, warning of the potential for “false flags”.

McAfee’s initial discovery of Sharpshooter came with the alarming news that the malware campaign’s operators were targeting Anglosphere nuclear energy and defence companies. Although the malware borrowed heavily from source code used by Lazarus, the company stopped short of attributing it to the group.

Today McAfee clarified that, with senior principal engineer Christiaan Beek saying: “Technical evidence is often not enough to thoroughly understand a cyber attack, as it does not provide all the pieces to the puzzle.

“Access to the adversary’s command-and-control server code is a rare opportunity. These systems provide insights into the inner workings of infrastructure, are typically seized by law enforcement, and only rarely made available to private sector researchers.”

“Analysis of the command-and-control server code and file logs also uncovered a network block of IP addresses originating from the city of Windhoek, located in the African nation of Namibia,” the company said. “This led McAfee Advanced Research analysts to suspect that the actors behind Sharpshooter may have tested their implants and other techniques in this area of the world prior to launching their broader campaign of attacks.”

In 2017 Russia’s Kaspersky Lab carried out some in-depth research into the Lazarus Group, finding at the time that their usual method of operating is to carry out quiet reconnaissance of target networks before developing malware tailored towards compromising financial institutions.
