A prominent hacking group associated with North Korea is believed to be behind a comprehensive cyber-espionage campaign targeted at key sectors, including government, defense, energy, and critical infrastructure organizations, McAfee discovered on Sunday.
The hacker group, known as the Lazarus Group, continues to carry out these attacks in what McAfee calls "Operation Sharpshooter."
The company, which discovered the operation in December 2018, believes that the campaign could have started as early as September 2017, and that it is "more comprehensive in the complexity, scope and duration of operations" than previously assumed. McAfee said it had found that about 80 organizations across a number of key industries were targeted.
The company said it was able to attribute the cyber-espionage campaign to the Lazarus Group because an authority had given "command and control data" to McAfee for analysis.
Christiaan Beek, senior manager and senior researcher at McAfee, called this access to the command-and-control server code a "rare opportunity."
"These systems provide insight into the inner operation of the cyber attack infrastructure, are usually seized by law enforcement, and are rarely available to private sector researchers. The insights gained through access to this code are indispensable for understanding and combating today's most prominent and sophisticated online campaigns," Beek says in a statement.
The Lazarus Group has also shifted its attacks and largely targeted economic, government and critical infrastructure entities around the world, according to the research. Germany and Turkey.
There was also evidence that the group carried out some attacks in Africa.
"Analysis of command and control server code and file logs revealed a network block of IP addresses originating from the city of Windhoek in Namibia, Africa, which leads McAfee to believe that this is where Lazarus is now trying implants in the region before wider attacks," the report says.
McAfee researchers say the group was able to breach large organizations using "unadvanced," run-of-the-mill spearphishing attacks, in which malware-containing e-mails were "masked as extremely convincing job recruitments to get access to systems."
The Lazarus group, which is considered both active and sophisticated, has performed a number of high-profile cyber attacks.
The government blamed the Lazarus Group for the 2014 cyber attack that destroyed Sony Pictures Entertainment, costing the studio millions of dollars and damaging its reputation in a professional hack.
The entertainment company had angered the North Korean government with its production of "The Interview," a controversial comedy in which two American men attempt to kill North Korea's leader Kim Jong Un.
The Lazarus group is also believed to be behind the WannaCry attacks that caused major disturbances and affected institutions around the world.