'Operation Sharpshooter' hits defence, government firms

The two-phased threat, discovered by McAfee and described in its report, has appeared in 87 organisations across the globe.

HYDERABAD: A new worldwide cyber threat campaign called Operation Sharpshooter, which has targeted nuclear, defence, energy and financial companies, has also attacked India's telecommunication network, a recent report revealed. The campaign masquerades as legitimate industry job recruitment activity and gathers information for potential exploitation.

McAfee, which discovered the two-phased threat, observed in a report that it has appeared in 87 organisations across the globe. Though most of the companies were based in the US, the report noted that it had also attacked organisations that were English-speaking or had an English-speaking regional office. The majority of targets were defence and government-related organisations, it said.

Operation Sharpshooter uses source code from Trojan Duuzer, a trojan from an infamous cybercriminal group called the Lazarus Group. Although the report did not conclude whether the attacks were indeed perpetrated by the Lazarus Group, researchers have attributed many cyber attacks to the group over the last decade. The operation began on October 25, when documents about job vacancies, authored by one Richard, were distributed from a US IP address and through the Dropbox service to various companies around the world.

When a recipient opened the document, it immediately replaced that Word document with a decoy document. This decoy document then set off the second phase of the attack, called Rising Sun, which is where the Lazarus Group's Trojan Duuzer is used. It launched and terminated processes, read and deleted files, and got access to drive details from the computer.

It also searched for information about the computer, such as the computer name, username and IP address information, and finally sent it back to the hackers.

Though researchers shied away from attributing the attack to any organisation, McAfee noted that the operation was very similar to a Lazarus attack from 2017 that targeted the US defence and energy sectors. "The techniques, tactics, and procedures match those in this previous operation," the authors wrote in the report. 

The New Indian Express
www.newindianexpress.com