Operation Sharpshooter

2018-12-13 • Mcafee •

https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-sharpshooter.pdf

#Sharpshooter #RisingSun

Attachments

McAfee documented Operation Sharpshooter, a global campaign against nuclear, defense, energy, financial, defense, and government related organizations. Malicious job description documents with Korean-language metadata used macros and embedded shellcode to inject a downloader into Word, then pulled the Rising Sun second-stage implant from kingkoil.com.sg. The report notes code reuse from the Lazarus Group Duuzer backdoor but cautions that the technical links may be too obvious for firm attribution and could indicate false flags.

Related Reports

2018-12-12 • 50% Match

‘Operation Sharpshooter’ Targets Global Defense, Critical Infrastructure

Mcafee

#Sharpshooter

Shares tag: Sharpshooter • Same author: Mcafee • Published within a week

2024-04-17 • 20% Match

Target Locked: Operation Sharpshooter

Attack IQ

#Sharpshooter

Shares tag: Sharpshooter

2023-01-05 • 20% Match

Emulating the Highly Sophisticated North Korean Adversary Lazarus Group

Attack IQ

#Trend #DreamJob #Inception #MagicRAT #ThreatNeedle #Sharpshooter #T1082 #T1041 #T1071.001 #T1046 #T1112 #T1083 #T1057 #T1547.001 #T1053.005 #T1036.005 #T1003 #T1105 #T1055 #T1220 #T1049 #T1016 #T1074.001 #T1218.011 #T1218.010 #T1047 #T1025 #T1033 #T1543.003 #T1012 #T1007 #T1572 #T1552.002 #T1003.002 #T1048.001

Shares tag: Sharpshooter

« Back