A possible North Korean government-connected cyber-espionage campaign that targeted the defense industry stretched further than originally known when it was inititally uncovered this summer, researchers said.
“Operation North Star” went beyond targeting South Korea to include Australia, India, Israel and Russia, McAfee said in a report out Friday. And its motives and methods seem to be clearer now, too, according to researchers.
Israel’s Ministry of Defense had previously blamed Lazarus Group, which the U.S. government calls Hidden Cobra, for sending phony job offers in its defense sector — a tactic that lined up with McAfee’s earlier description of Operation North Star tactics. Additionally, the campaign used a previously undiscovered implant called Torisma that it deployed to burrow further into victims’ systems, McAfee said.
The tactic represents the kind of digital spying technique that would have given hackers access to machines belonging to job applicants positioned near military organizations — just the kind of targets that a foreign government would value.
“The campaign’s technologies and tactics — the installation of data gathering and system monitoring implants — suggests that the adversary is in a position to remain persistent, conduct surveillance on and exfiltrate sensitive data from its defense sector victims,” the report reads.
And the attackers had priorities.
“The detailed job descriptions used to lure victims and the selective use of the Torisma implant suggest that the attacker ..
Support the originator by clicking the read the rest link below.
