A server likely used by Lazarus Group offers clues to a broader espionage campaign - CyberScoop

A server likely used by Lazarus Group offers clues to a broader espionage campaign - CyberScoop: An analysis of a command-and-control server suspected of being used by North Korean hackers shows it was the centerpiece of a previously discovered global espionage campaign that is broader and longer-running than initially understood, security researchers with McAfee announced Sunday. The campaign began as early as September 2017, a year earlier than previously documented, and is targeting financial services and government organizations, among others, researchers said. Most of the malicious activity is against organizations in Germany, Turkey, the U.S., and the United Kingdom, the researchers said. In December, McAfee published research on the espionage campaign, dubbed Operation Sharpshooter, saying it hit 87 organizations – including those in the nuclear, defense, and financial sectors – in October and November alone. After picking apart code and other data from the server, McAfee researchers say they’ve found “striking similarities” between last year’s attacks and several others attributed to Lazarus Group, a broad set of …

explicita