
Cybersecurity Market

Cybersecurity Technologies & Markets


RSA Conference USA 2019: McAfee Research Gives Rare Look Inside Command and Control of Nation-State Cyber Espionage Campaign

March 4, 2019 By admin

McAfee today revealed evidence that the Operation Sharpshooter campaign exposed in 2018 is more extensive in complexity, scope and duration of operations. McAfee Advanced Threat Research conducted a detailed analysis of code and data from a command-and-control server responsible for the management of the operations, tools and tradecraft behind this global cyber espionage campaign. This content was provided to McAfee for analysis by a government entity that is familiar with McAfee’s published research on this malware campaign. The analysis led to the identification of multiple previously unknown command-and-control centers, and suggests that Sharpshooter began as early as September 2017, targeted a broader set of organizations in more industries and countries, and is currently ongoing.

“McAfee Advanced Threat Research analysis of the command-and-control server’s code and data provides greater insight into how the perpetrators behind Sharpshooter developed and configured control infrastructure; how they distributed the malware; and how they stealthily tested campaigns prior to launch,” said Raj Samani, McAfee Fellow and chief scientist. “This intelligence is invaluable in deepening our understanding of the adversary, which ultimately leads to better defenses.”

In December 2018, McAfee Advanced Threat Research first uncovered Operation Sharpshooter, a global cyber espionage campaign targeting more than 80 organizations across critical industries including the telecommunications, energy, government and defense sectors. Analysis of the new evidence has exposed striking similarities between the technical indicators, techniques and procedures exhibited in these 2018 Sharpshooter attacks and aspects of multiple other groups of attacks attributed by the industry to the Lazarus Group. This includes, for example, the Lazarus Group’s use of similar versions of the Rising Sun implant dating back to 2017, and source code from the Lazarus Group’s infamous 2016 backdoor Trojan Duuzer.

“Technical evidence is often not enough to thoroughly understand a cyber attack, as it does not provide all the pieces to the puzzle,” said Christiaan Beek, McAfee senior principal engineer and lead scientist. “Access to the adversary’s command-and-control server code is a rare opportunity. These systems provide insights into the inner workings of cyberattack infrastructure, are typically seized by law enforcement, and only rarely made available to private sector researchers. The insights gained through access to this code are indispensable in the effort to understand and combat today’s most prominent and sophisticated cyber attack campaigns.”

Having begun approximately a year earlier than previously evidenced and still ongoing, these attacks appear to now focus primarily on financial services, government and critical infrastructure. The largest number of recent attacks primarily target Germany, Turkey, the United Kingdom and the United States. Previous attacks focused on telecommunications, government and financial sectors, primarily in the United States, Switzerland, Israel and others.

Other Findings

  • Hunting and spearphishing. Operation Sharpshooter shares multiple design and tactical overlaps with several campaigns, for example a very similar fake job recruitment campaign conducted in 2017 that the industry attributes to Lazarus Group.
  • African connection. Analysis of the command-and-control server code and file logs also uncovered a network block of IP addresses originating from the city of Windhoek, located in the African nation of Namibia. This led McAfee Advanced Threat Research analysts to suspect that the actors behind Sharpshooter may have tested their implants and other techniques in this area of the world prior to launching their broader campaign of attacks.
  • Maintaining access to assets. The attackers have been using a command-and-control infrastructure with the core backend written in Hypertext Preprocessor (PHP) and Active Server Pages (ASP). The code appears to be custom and unique to the group and McAfee’s analysis reveals it has been part of their operations since 2017.
  • Evolving Rising Sun. The Sharpshooter attackers used a factory-like process where various malicious components that make up Rising Sun have been developed independently outside of the core implant functionality. These components appear in various implants dating back to 2016, which is one indication that the attackers have access to a set of developed functionalities at their disposal.

About McAfee

McAfee is the device-to-cloud cybersecurity company. Inspired by the power of working together, McAfee creates business and consumer solutions that make our world a safer place. www.mcafee.com
