Operation Sharpshooter Global Cyber Attacks Still Active

A global cyber attack campaign has been deployed for over a year and is currently active. Researchers believe there is a group of hackers from North Korean behind this campaign.

The Lazarus Group, also known as the Hidden Cobra by network users, launched a cyber espionage campaign called "Operation Sharpshooter". McAfee, the US private cybersecurity company, discovered the campaign first in December last year.

McAfee discovered this campaign through a rare chance to test data and code from a server was in charge of controlling and managing the activities of this global network attack campaign. At the same time, they also discovered the tools and long traditions of this campaign, so they learned that it began to deploy and operate from September 2017.

Researchers from McAfee also said the server's control code and commands were given by a government organization.

Christiaan Beek, McAfee Senior Principal Engineer and Lead Scientist said that researchers do not have many opportunities to gain access to hackers' servers. Often, the assets and tools of captured network attackers are often kept in law enforcement agencies, so private companies do not have the opportunity to research and explore the system in order to understand their work.

McAfee also said that recent evidence found similarities in network attack techniques and other attacks conducted by the Lazarus Group.

Researchers believe the Lazarus Group is related to North Korea. Meanwhile, among many cyber attacks on businesses around the globe, North Korea is believed to be the outbreak of WannaCry virus in 2017 and Sony hacked in 2016.

According to McAfee, Sharpshooter campaign attacks target financial services, critical infrastructure and governments, including recent attacks on Britain, the United States, Turkey and Germany.

Meanwhile, previous cyber attacks often target various industries including the telecommunications, financial and government sectors in the US, Israel and Switzerland.