A global cyber espionage campaign, known as Operation Sharpshooter, started a year earlier than previously thought and is still ongoing, say security researchers, adding that a group linked to North Korea could be behind the campaign.
The findings were revealed after researchers at US-headquartered global cybersecurity firm McAfee got a rare opportunity to examine the code and data from a command-and-control server responsible for the management of the operations, tools and tradecraft behind this global cyber espionage campaign.
McAfee on Sunday said the command-and-control server code was provided by a government entity.
“Access to the adversary’s command-and-control server code is a rare opportunity. These systems provide insights into the inner workings of cyberattack infrastructure, are typically seized by law enforcement, and only rarely made available to private sector researchers,” Christiaan Beek, McAfee Senior Principal Engineer and Lead Scientist, said in a statement.
McAfee first uncovered Operation Sharpshooter in December 2018.
The new analysis suggests that the campaign began as early as September 2017 — approximately a year earlier than previously evidenced — and is still ongoing.
Analysis of the new evidence has exposed striking similarities between the techniques used in the Sharpshooter attacks and aspects of multiple other groups of attacks attributed by the industry to the Lazarus Group, McAfee said.
The Lazarus Group is linked to North Korea which was blamed for the 2016 Sony hack and the WannaCry ransomware outbreak in 2017 among other attacks on global businesses.
The Sharpshooter attacks appear to now focus primarily on financial services, government and critical infrastructure,McAfee said, adding that the largest number of recent attacks primarily target Germany, Turkey, Britain and the US.
Previous attacks focused on telecommunications, government and financial sectors, primarily in the US, Switzerland, Israel and others, it added. (IANS)
With negotiations at an impasse, Washington has imposed additional sanctions on those assisting Pyongyang — the first such action since February’s failed summit in Hanoi between President Donald Trump and North Korean leader Kim Jong Un.
“This is not really about intensification of pressure,” a senior U.S. administration official said. “This is about maintaining pressure as defined by the international community.”
Thursday’s sanctions by the U.S. Treasury Department on two China-based shipping companies were the latest evidence of some “leakage” in the enforcement of sanctions by Beijing, but U.S. officials said that overall, China was abiding by the U.N. resolutions slapped on North Korea for its nuclear weapon and ballistic missile programs.
Washington wants Pyongyang to surrender its entire nuclear arsenal and other mass-destruction weapons before being granted any relief from sanctions. The North Koreans insist on sanctions relief before halting production of fissile materials.
“Insisting on unilateral North Korean disarmament upfront is pushing on the wrong door. We should be pushing to first slow the program, then cap it, and ultimately keep rollback and disarmament the long-term goal,” said Vipin Narang, associate professor of political science at the Massachusetts Institute of Technology. “But every month that passes without a grand deal is one in which North Korea’s nuclear program continues to grow larger — increasing the risk of its own use and proliferation to other countries — and the chances of a deal grow smaller.”
Analysts also worry Kim could grow impatient, turn away from diplomacy with Trump and look to China to provide sanctions relief that North Korea desperately needs.
“I’m not sure we can be confident that Beijing will uphold enforcement after Trump so abruptly walked away from negotiations with North Korea,” said Jean Lee, who directs the center for Korean history and public policy at the Wilson Center, a global policy research group in Washington. “I do hope North Korea sticks to negotiation and does not resort to provocation. If Pyongyang doesn’t get the response it craves and needs from Washington, North Korea may turn back to a tried and tested strategy: to get Trump, and the world’s attention, with another illicit missile launch or test.”
U.S. officials on Thursday, speaking to reporters on condition of not being named, expressed patience and confidence with their stance toward North Korea.
“What they’re facing now is unprecedented,” said one U.S. official of the sanctions on North Korea. “We’ll give it some time.”
Lee, currently in Seoul, told VOA she found it “interesting that we’re back to a form of strategic patience. There was high hope, especially here in Seoul, that Trump’s impatience and unpredictability would lead to fast movement on North Korea. But the Trump administration is finding that it’s much tougher than the president may have thought of simply bullying Kim into acquiescence.”
A prolonged lull in talks “could become risky, and maintaining maximalist positions will not be sustainable,” said Duyeon Kim, an adjunct senior fellow at the Center for a New American Security, a national security research group in Washington.
“They need to negotiate a denuclearization-peace road map soon and preferably an interim agreement on fissile materials. Rapid and complete denuclearization is not realistic. Denuclearization will have to occur in stages but in accordance with an agreed road map on how this all ends,” Kim told VOA.
The current primary point of pressure on Pyongyang by the international community is on entities, including their ships, involved with illicitly exporting North Korean goods, such as coal, and taking products — especially petroleum — into the impoverished country in violation of U.N. sanctions.
Unless North Korea denuclearizes, “we’re going to maintain that pressure,” a senior U.S official said.
A coalition of countries — using their vessels, aircraft and classified intelligence means — are daily watching the movement of ships involved in the illegal trade.
North Korea and those helping it are trying to obscure identities of ships and cargo by disabling or manipulating systems that identify the vessels for safety and navigation, physically altering vessel identifications and making ship-to-ship transfers to avoid ports, according to a sanctions advisory jointly issued Thursday by the U.S. Treasury and State departments and the Coast Guard.
Neither the United States nor any other country has moved to interdict the offending ships.
“I don’t want to talk about potential steps we may or may not take,” replied a senior administration official when asked by VOA whether there was discussion here about using the U.S. Navy or Coast Guard in international waters to take such action.