Tuesday January 28, 2020
Home Lead Story North Korean-...

North Korean-backed ‘Sharpshooter’ Cyber Attacks Still on, Says McAfee Report

Previous attacks focused on telecommunications, government and financial sectors, primarily in the US, Switzerland, Israel and others

0
//
Logo of McAfee
Logo of McAfee. Flickr

A global cyber espionage campaign, known as Operation Sharpshooter, started a year earlier than previously thought and is still ongoing, say security researchers, adding that a group linked to North Korea could be behind the campaign.

The findings were revealed after researchers at US-headquartered global cybersecurity firm McAfee got a rare opportunity to examine the code and data from a command-and-control server responsible for the management of the operations, tools and tradecraft behind this global cyber espionage campaign.

McAfee on Sunday said the command-and-control server code was provided by a government entity.

“Access to the adversary’s command-and-control server code is a rare opportunity. These systems provide insights into the inner workings of cyberattack infrastructure, are typically seized by law enforcement, and only rarely made available to private sector researchers,” Christiaan Beek, McAfee Senior Principal Engineer and Lead Scientist, said in a statement.

McAfee first uncovered Operation Sharpshooter in December 2018.

cyberattack
Image source: wordpress.com

The new analysis suggests that the campaign began as early as September 2017 — approximately a year earlier than previously evidenced — and is still ongoing.

Analysis of the new evidence has exposed striking similarities between the techniques used in the Sharpshooter attacks and aspects of multiple other groups of attacks attributed by the industry to the Lazarus Group, McAfee said.

The Lazarus Group is linked to North Korea which was blamed for the 2016 Sony hack and the WannaCry ransomware outbreak in 2017 among other attacks on global businesses.

Also Read- ISRO Launches ‘Young Scientist’ Programme to Train Students in Space Science

The Sharpshooter attacks appear to now focus primarily on financial services, government and critical infrastructure,McAfee said, adding that the largest number of recent attacks primarily target Germany, Turkey, Britain and the US.

Previous attacks focused on telecommunications, government and financial sectors, primarily in the US, Switzerland, Israel and others, it added. (IANS)

Next Story

Hackers Use Data Protection Websites to Hack User Data: Study

In any possible scenario - be it the absence of the SSN or entering the correct existing SSN - the website alerts mistakes and offers to sell a temporary one for the $9 price

0
Hackers
Experts at cybersecurity firm Kaspersky detected this new online fraud scheme where Hackers urge users to buy 'temporary US social security numbers' worth around $9 each. Pixabay

In a unique online fraud, hackers are tricking people into thinking that they own compensation after being victims of personal data frauds, and under the pretext of offering them money, are fleecing them, a new report said on Monday.

Experts at cybersecurity firm Kaspersky detected this new online fraud scheme where scammers urge users to buy ‘temporary US social security numbers’ worth around $9 each.

Victims were found in Russia, Algeria, Egypt and the UAE as well as other countries.

The scheme involves a website allegedly owned by the Personal Data Protection Fund, founded by the US Trading Commission.

The fund issues compensation to those who may have been subject to a personal data leak and is available to citizens from any country in the world.

For those interested, the site offers to check whether user data has ever been leaked.

For this, one needs to provide their specific surname, first name, phone number, and social media accounts.

Once this has been done, an alert is shown indicating that the user has experienced a leak, which can include data such as photos, videos, and contact information, entitling the user to compensation of thousands of dollars.

Hackers
In a unique online fraud, hackers are tricking people into thinking that they own compensation after being victims of personal data frauds, and under the pretext of offering them money, are fleecing them. Pixabay

“However, fraudsters do not just ask for a user to enter a bank card number and wait for the payment to be credited; users inevitably need to offer their own social security numbers,” the report noted.

In any possible scenario – be it the absence of the SSN or entering the correct existing SSN – the website alerts mistakes and offers to sell a temporary one for the $9 price.

Upon agreement, the victim is redirected to this payment form in Russian or English with the purchase price specified in rubles or dollars, respectively. The specific form depends on the victim’s IP address, the experts noted.

“The scammers themselves are most likely Russian speakers, as suggested by the request for payments in rubles, plus the suspicious similarity of the scheme to other easy money offers that regularly tempt residents of Russia and the CIS (Commonwealth of Independent States),” said Tatyana Sidorina, Security expert at Kaspersky.

The e-bait in those schemes varies — giveaways, surveys, secret retirement savings, even a part-time job as a taxi dispatcher — but they tend to be in Russian (as are some of the preceding links).

The bottom line is always the same: the juicy promise of quite a bit of easy money, followed by a demand to pay for an inexpensive service, be it a commission, a ‘securing’ payment, or a temporary SSN.

Hackers
“However, Hackers do not just ask for a user to enter a bank card number and wait for the payment to be credited; users inevitably need to offer their own social security numbers,” the report noted. Pixabay

“The new scheme is quite a topical one and is related to offering compensation for data leaks. Once some organizations have started to pay users, fraudsters decided there is a monetary opportunity for them as well,” Sidorina added.

ALSO READ: People with Inadequate Food Access Likely to Die Prematurely: Study

In order to stay protected from the potential risks of online fraud, do not trust payment offers, use trusted resources and utilize a reliable security solution, said the researchers. (IANS)