Global hacking campaign targets critical infrastructure

The sophisticated campaign has targeted dozens of companies, most of which are based in the US.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Image: anonymous computer hacker (Getty Images)

A group of hackers has targeted dozens of companies around the world in recent months with a sophisticated cyber espionage attack on critical infrastructure, according to new research published Wednesday.

The campaign used malware to try to penetrate the computer systems of at least 87 companies in the nuclear, defense, energy and financial industries in October and November, according to a report by internet security company McAfee. The report didn't identify any of the targeted businesses, most of which McAfee said were based in the US.

Organizations running the nation's energy, nuclear and other critical infrastructure have become frequent targets for cyberattacks in recent years. In a 2013 executive order, President Barack Obama called cyberattacks "one of the most serious national security challenges we must confront."

President Donald Trump signed an executive order last year designed to bolster the United States' cybersecurity by protecting federal networks, critical infrastructure and the public online.

Dubbed Operation Sharpshooter, the campaign masqueraded as job recruitment activity to get targets to open malicious documents. Those documents delivered an implant called Rising Sun, a backdoor that gives the attackers a foothold on the victim's machine from which to extract intelligence, McAfee said.

"Operation Sharpshooter is yet another example of a sophisticated, targeted attack being used to gain intelligence for malicious actors," Raj Samani, chief scientist and fellow at McAfee, told CNET sister site ZDNet.

"However, despite its sophistication, this campaign depends on a certain degree of social engineering which, with vigilance and communication from businesses, can be easily mitigated," Samani said.

The malware used in the attack bears striking similarities to code used by the Lazarus Group, a powerful North Korean hacking unit. Some cybersecurity researchers have blamed the Lazarus Group for the infamous 2014 Sony hack and the massive 2017 WannaCry ransomware attack, which crippled more than 300,000 computers in 150 countries.

"According to our analysis, the Rising Sun implant uses source code from the Lazarus Group's 2015 backdoor Trojan Duuzer in a new framework to infiltrate these key industries," the report said.

However, McAfee cautioned that the numerous links to Lazarus "seem too obvious" to conclude the group was responsible for the attacks and that they could be "false flags" intended to assign blame.
