Friday, June 14, 2019

Operation Sharpshooter

Operation Sharpshooter has you targeted
-Charles Parker, II

One industry affects all of our lives; without it, our lives would be drastically different. That industry is the defense industry. Government is likewise integral to our society. Both have been attacked and successfully compromised several times over the years. As targets, they remain rich in data and information that is useful and can be sold. To that end, there has been a campaign to breach government agencies and defense firms. The data these two kinds of organizations hold is very useful to many parties across the globe.

Operation Sharpshooter
This campaign was recently in use. Its focus was defense businesses and government agencies. The attackers were able to compromise dozens of these organizations across the world. The operation was active from October to November 2018. There were 87 companies targeted, geographically located in 24 countries. They were primarily in the nuclear, defense, energy, and finance industries, and were located in the US, South America, Europe, the Middle East, India, Australia, and Japan. As their tool, the attackers used an openly accessible one that consumers and businesses use every single day. The attackers used social media to send their messages. The messages were disguised as recruitment documents when they were actually documents with a little malicious intent sprinkled in.

Once the target opened the attachment, the "Rising Sun" malware was installed and the hilarity ensued. This appears to be an updated version of the Duuzer Trojan, which was previously used in the Sony attack from years ago. The malware would send data to its command & control (C&C) server via HTTP POST requests. Typically, it would access and exfiltrate usernames, IP addresses, network configurations, and system settings. Other sensitive data would also be attacked, if possible. All of this was done with the 14 distinct capabilities it was coded with, summarized as intelligence gathering, encryption, exfiltration, and terminating processes. This could be used as the first step of a larger attack. This was another example of a successful social engineering attack.

This successful campaign emphasizes the need to provide adequate training for staff on phishing and what to look for in phishing messages.

