
Cyberspies are infiltrating government and defense firms worldwide

A new global cyberattack is now underway, and it’s targeting high-profile government and defense targets around the world.

With the ever-growing presence of state-sponsored cyberattacks like the suspected Chinese-led hack of the Marriott chain of hotels, these large-scale campaigns may not be motivated by financial gain, but rather, they’re foundations for even more devastating attacks in the future.

Political and industrial espionage is a widespread danger in our ultra-connected world. Technology plays a big part in how the front lines are drawn and plans are conceived in these silent cyberwars that are being waged beyond the public’s plain sight.

Who are these entities and what is their game plan? This new cyber campaign that’s making the rounds may hold the key to understanding how these groups are conducting their schemes.

Operation Sharpshooter

A new infiltration campaign was spotted by software security company McAfee, and it’s targeted at various government and defense companies around the world.

Dubbed “Operation Sharpshooter,” the campaign uses phishing emails to install advanced spying malware that steals information from its victims.

McAfee stated that between October and November this year, the hackers targeted employees at 87 companies via social media, sending them phishing messages disguised as recruitment offers.

These messages are loaded with a malware known as “Rising Sun,” a spying program that opens “backdoors” on the target computers and allows hackers to grab sensitive information like usernames, passwords, IP addresses, system settings, and network configurations.

Using this type of information, the hackers can then infiltrate and even take full control of a company’s entire network.

Based on McAfee’s research, the targets include telecommunication, energy, transportation, and health-care institutions, but a majority of them were defense and government-related organizations.

Who’s behind it?

You may remember that four years ago, there was a malware attack on Sony Pictures. That attack led to leaks of unreleased films and the publication of executive salaries and passcodes.

What about the 2016 Bangladesh Bank $80 million hacking heist, the biggest cybertheft operation on a financial institution in history so far?

And last year, there was the massive attack of ransomware called “WannaCry.” The WannaCry campaign claimed 200,000 victims across 150 countries worldwide, targeting private companies and public organizations, and it actually endangered lives.

All of these attacks are commonly attributed to a certain state-sponsored hacking group from North Korea known as the “Lazarus Group.”

The U.S. has been tracking this particular group of hackers since 2009. Aside from “Lazarus Group,” they are also identified by various names like “Hidden Cobra” and “Guardians of the Peace.”

Although nothing is conclusive, the recent spate of attacks can be linked to the Lazarus Group because the source code used in the current campaign is similar to that of these past attacks.

But McAfee warns that the current campaign could also be a “false flag” designed to pin the blame on the North Korean organization.


How the Lazarus Group operates

Based on prior investigations, here’s how the Lazarus Group infiltrated its high-profile targets in the past.

The Sony Pictures cyberattack investigation revealed that months before the actual attack took place, a number of social media accounts were sending or posting links that would direct the company’s employees to malware.

Targeted Sony Pictures employees were also sent phishing emails containing fake Flash videos that installed bogus software loaded with malware. It is believed that this method was how the group infiltrated Sony Pictures’ network in September 2014.

The FBI noted that these phishing email tactics were also successfully used in the Bangladesh Bank and WannaCry ransomware attacks.

Furthermore, the hacking group also attempted to infiltrate U.S. defense contractors, universities, utility companies, and cryptocurrency exchanges with similar spear-phishing email campaigns.


How do you protect yourself?

With the ever-growing threat of new state-sponsored cyberattacks, you need to take precautionary steps. Here are mitigation tips that will help:

  • Update your systems – Keep your software and operating systems updated with the latest fixes and patches.
  • Never open risky links in emails – Don’t open attachments from unsolicited emails; they could be a phishing scam. Malware can infect your gadget through malicious links found in phishing emails.
  • Have strong security software – This will help prevent the installation of ransomware on your gadget.
  • Back up data regularly – This is the best way to recover your critical data if your computer is infected with ransomware.