Artificial Intelligence | News | Insights | AiThority
[bsfp-cryptocurrency style=”widget-18″ align=”marquee” columns=”6″ coins=”selected” coins-count=”6″ coins-selected=”BTC,ETH,XRP,LTC,EOS,ADA,XLM,NEO,LTC,EOS,XEM,DASH,USDT,BNB,QTUM,XVG,ONT,ZEC,STEEM” currency=”USD” title=”Cryptocurrency Widget” show_title=”0″ icon=”” scheme=”light” bs-show-desktop=”1″ bs-show-tablet=”1″ bs-show-phone=”1″ custom-css-class=”” custom-id=”” css=”.vc_custom_1523079266073{margin-bottom: 0px !important;padding-top: 0px !important;padding-bottom: 0px !important;}”]

McAfee Research Gives Rare Look Inside Command and Control of Nation-State Cyber Espionage Campaign

Ongoing Campaign Primarily Targets Finance, Government and Critical Infrastructure Globally

RSA Conference USA 2019 – McAfee  revealed evidence that the Operation Sharpshooter campaign exposed in 2018 is more extensive in complexity, scope and duration of operations. McAfee Advanced Threat Research conducted a detailed analysis of code and data from a command-and-control server responsible for the management of the operations, tools and tradecraft behind this global cyber espionage campaign. This content was provided to McAfee for analysis by a government entity that is familiar with McAfee’s published research on this malware campaign. The analysis led to identification of multiple previously unknown command-and-control centers, and suggest that Sharpshooter began as early as September 2017, targeted a broader set of organizations, in more industries and countries and is currently ongoing.

“McAfee Advanced Threat Research analysis of the command-and-control server’s code and data provides greater insight into how the perpetrators behind Sharpshooter developed and configured control infrastructure; how they distributed the malware; and how they stealthily tested campaigns prior to launch”

“McAfee Advanced Threat Research analysis of the command-and-control server’s code and data provides greater insight into how the perpetrators behind Sharpshooter developed and configured control infrastructure; how they distributed the malware; and how they stealthily tested campaigns prior to launch,” said Raj Samani, McAfee Fellow and chief scientist. “This intelligence is invaluable in deepening our understanding of the adversary, which ultimately leads to better defenses.”

Read More: What is Artificial Intelligence: 5 Definitions To Help You Understand the Science

Related Posts
1 of 4,841

In December 2018, McAfee Advanced Threat Research first uncovered Operation Sharpshooter, a global cyber espionage campaign targeting more than 80 organizations across critical industries including the telecommunications, energy, government and defense sectors. Analysis of the new evidence has exposed striking similarities between the technical indicators, techniques and procedures exhibited in these 2018 Sharpshooter attacks, and aspects of multiple other groups of attacks attributed by the industry to the Lazarus Group. This includes, for example, the Lazarus group’s use of similar versions of the Rising Sun implant d***** back to 2017, and source code from the Lazarus Group’s infamous 2016 backdoor Trojan Duuzer.

“Technical evidence is often not enough to thoroughly understand a cyber attack, as it does not provide all the pieces to the puzzle,” said Christiaan Beek, McAfee senior principal engineer and lead scientist. “Access to the adversary’s command-and-control server code is a rare opportunity. These systems provide insights into the inner workings of cyberattack infrastructure, are typically seized by law enforcement, and only rarely made available to private sector researchers. The insights gained through access to this code are indispensable in the effort to understand and combat today’s most prominent and sophisticated cyber attack campaigns.”

Read More: Autotalks and CEVA Collaborate on World’s First Global V2X Solution

Having begun approximately a year earlier than previously evidenced and still ongoing, these attacks appear to now focus primarily on financial services, government and critical infrastructure. The largest number of recent attacks primarily target Germany, Turkey, the United Kingdom and the United States. Previous attacks focused on telecommunications, government and financial sectors, primarily in the United States, Switzerland, and Israel, and others.

  • Hunting and spearphishing. Operation Sharpshooter shares multiple design and tactical overlaps with several campaigns, for example a very similar fake job recruitment campaign conducted in 2017 that the industry attributes to Lazarus Group.
  • African connection. Analysis of the command-and-control server code and file logs also uncovered a network block of IP addresses originating from the city of Windhoek, located in the African nation of Namibia. This led McAfee Advanced Threat Research analysts to suspect that the actors behind Sharpshooter may have tested their implants and other techniques in this area of the world prior to launching their broader campaign of attacks.
  • Maintaining access to assets. The attackers have been using a command-and-control infrastructure with the core backend written in Hypertext Preprocessor (PHP) and Active Server Pages (ASP). The code appears to be custom and unique to the group and McAfee’s analysis reveals it has been part of their operations since 2017.
  • Evolving Rising Sun. The Sharpshooter attackers used a factory-like process where various malicious components that make up Rising Sun have been developed independently outside of the core implant functionality. These components appear in various implants d***** back to 2016, which is one indication that the attackers have access to a set of developed functionalities at their disposal.

Read More: German Cybersecurity Company Launches Unblockable, Anonymous Instant Messenger

36 Comments
  1. Hakan Şükür Son Hali says

    Türkiye’daki en iyi online c***** oyunları.
    Orta doğu 2027 hem kilitler açık hemde para hileli yaparmısınız, oyun sağlayıcı firma seçimi yaparak.
    Okumaya devam et “Indirmeden ücretsiz C***** Oyunları Oyna Türk 2022 online casinoları”
    info@ ; 13; 99; HAKKIMIZDA; HİZMETLER; TAAHHÜT.

  2. I think this is one of the such a lot significant information for me.

    And i am happy studying your article. But want to remark on some normal things, The website style is wonderful, the articles is
    in point of fact great : D. Excellent activity,
    cheers

  3. It’s wonderful that you are getting ideas from this piece of writing as well as from
    our argument made at this place.

  4. Right now it looks like Drupal is the top blogging platform
    out there right now. (from what I’ve read) Is that what you’re using on your blog?

  5. Hello! Someone in my Myspace group shared this website with us so I came
    to take a look. I’m definitely enjoying the information. I’m book-marking and will be tweeting this
    to my followers! Outstanding blog and brilliant design and
    style.

  6. Highly descriptive blog, I liked that a lot.

    Will there be a part 2?

  7. Simply want to say your article is as surprising. The clarity to your post is just excellent and that
    i can suppose you’re knowledgeable on this subject.
    Fine along with your permission let me to snatch your RSS feed to stay updated with drawing close
    post. Thank you one million and please carry
    on the enjoyable work.

  8. Somebody necessarily assist to make severely articles I’d state.
    That is the first time I frequented your web page and up to now?

    I surprised with the research you made to create this particular publish
    extraordinary. Fantastic job!

  9. Copper scrap trade policies says

    Copper scrap industry best practices Copper scrap product innovation Scrap metal quality control
    Waste Copper cable recycling, Scrap metal handling equipment, Copper scrap baling

  10. современный медцентр экспертизы временной нетрудоспособности Москва says

    клиника укрепления здоровья Москва где купить мед справку купить справку медицинскую в Москве

  11. человек в снегу к чему снится как побыстрей продать квартиру
    заговоры 100 пить во сне сонник ванги
    7 кубков и 3 жезлов, 7 кубков здоровье таро купить карты таро ангелы

  12. ¿dónde comprar medicamentos de forma segura?
    Marksans Le Havre farmaci disponibile senza prescrizione
    ad Amsterdam

  13. pletal en vente libre en ligne says

    Medikamentenpreise in der Elfenbeinküste Apofri Sint-Truiden medicamentos recomendado por médicos

  14. одна гвоздика сонник мужики во сне снятся к чему снятся когда тебя порезали
    ножом
    к чему снится умываться молоком женщине к чему снится
    конфликт с незнакомой девушкой

  15. карта император в раскладе таро, император таро карта дня убивать змей
    приснилось луна вокруг солнца за сколько
    число 009 значение к чему снится рыбалка на удочку,
    ловить рыбу во сне руками мужчине

  16. сонник кормить бурого медведя, приснился медведь ломится в дверь заговор бабушки на внучку снится что
    в руках пустое ведро
    к чему снится срывать спелые
    вишни сон мерить чужую обувь

  17. як намалювати з аніме магічна битва до чого сниться згоряння
    план молитви за сім’ю як покарати пліткаря змова

  18. kazakhstan winter itinerary says

    әділ мемлекет, жолдау 2022 1 қыркүйек қысқаша концерты в казахстане 2022, концерты алматы 2022 купить кубик рубика в
    казахстане, купить кубик рубика в астане жк ален
    – продажа квартир, жк ален
    отзывы

  19. знак зодиака 16 ноября 1994 молитвы чтобы сын перестал пить алкоголь
    2011 год чего по знаку зодиака
    мальчик приснился с пятницы на субботу что значит черный приворот на фото девушки

  20. Order ventipulmin hassle-free says

    aankoop van medicijnen in Quebec Heumann Mons (Bergen) medicamentos
    precio en Argentina

  21. алгашкы махаббат текст
    магжан хамит, песня алгашкы махаббат
    правила нун с сукуном, изхар примеры из корана қалқаман сарин
    күз бен біз, қалқаман сарин
    арқаның аруы айсұлу текст барыш керек, ben aşkımın delisiyem

  22. өлі кеңістік ауасы, ұлпалық тыныс алу биохимия isbn проверить, проверить isbn онлайн табиғат құбылыстары не жатады, қандай табиғат құбылыстары бар марани вино, марани вино
    цена

  23. табиғат туралы шығармалар, табиғат біздің байлығымыз шығарма
    атоми хемохим, хемохим плохие отзывы ұлт азаттық қозғалыс себептері,
    ұлт азаттық көтеріліс салдары
    сақтарда обалар көлемінің әртүрлі болуының кемінде 3
    себебін анықтаңыз., сақ қоғамы үш топқа бөлінді

  24. aq-jol apartment, bi group 7111 оператор,
    видеозвонок халык банк старые клубы астаны, забери меня
    клуб астана масанчи улица алматы, масанчи город

  25. коркыт ата кюи says

    мәтіндегі сөздердің тақырыпқа
    сай орынды қолданылуын тексеріңіз синонимдік, 9-тапсырма.
    жилищный фонд астана, департамент жилья астана мың бала
    олимпиада тест жауаптарымен, мың бала олимпиада пәндері сколько молока в манную кашу, как варить манную кашу на молоке и воде

  26. linux 32-bit, ncalayer linux тіл мерекесінің ашылуы,
    тілдер мерекесі құтты болсын все песни
    еркеш хасен, еркеш хасен кызым текст к чему снятся
    тараканы и осы, к чему снятся мухи мужчине

  27. тоқтар әубәкіров ғарышқа неше рет
    ұшты, тоқтар әубәкіров қазақтың тұңғыш ғарышкері путешественник во времени, форум путешественников во времени ахмет байтұрсынұлы 1909 жылы, ахмет байтұрсынов қоғамдық қызметі тотал 0.5
    больше это, тотал 1 больше это

  28. порча через сигарету какой
    знак зодиака не подходит рыбе молитва иконе божией матери в родах помощнице в родах
    к чему сниться бриться опасной бритвой сколько зубов у бегемота
    сверху и снизу, сколько зубов у человека

  29. обитель зла: финальная битва, обитель зла 2017 терезедегі жылыжай сынып сағаты топонимы нашего
    края, топонимы алматы қарағанды медициналық
    университеті, семей медициналық университеті

  30. almaty hotels 5-star, best hotels in almaty eyfel eau de parfum каталог, eyfel eau de parfum женские ішкі секреция бездерінде неліктен гольджи жиынтығы жақсы дамыған, сыртқы секреция
    бездері форте банк розыгрыш 2022, форте банк номер

  31. 6 по нумерологии ангелов к чему снится что
    меня кусает оса есть молитва чтобы муж
    перестал пить
    какие утренние молитвы читать
    на вознесение гадания на зачатие онлайн на картах таро на

  32. как можно заниматься фрилансом подработка в нижнеудинске для школьников подработка район вешняки работа дома дети карантин

  33. к чему снится страшный сон со среды
    на четверг православное снятие порчи и сглаза есть соленое во сне
    приснился за рулем грузовика к чему сниться плакат во
    сне

  34. Pourquoi les personnes âgées ne peuvent-elles pas prendre de l’ibuprofène Est-ce mauvais de mettre de la glace sur le ventre Comment aller à la selle en 5 minutes Est-ce
    que TYLENOL est de l’ibuprofène

  35. к чему снятся руки в крови после
    драки гороскоп на неделю водолеи женщины снится огород овощами
    к чему снятся собирать много иголок псалмы очищающие от порчи

  36. medicijnen pil in Nederland Labesfal Colmar
    comprar medicamentos en España de manera sencilla

Leave A Reply

Your email address will not be published.