North Korea ramps up ‘Operation GhostSecret’ cyber espionage campaign

April 30, 2018

On the eve of a historic summit with its rival neighbor South Korea and possible subsequent talks with the U.S. President Donald Trump in the coming weeks, North Korea continues full-steam ahead in its mission to gather intelligence and generate income for the regime via its notorious nation-state hacking machine.

North Korea’s pervasive Lazarus Group, aka Hidden Cobra, was recently discovered ramping up a global cyber espionage campaign dubbed Operation GhostSecret, stealing information from organizations in the critical infrastructure, entertainment, finance, healthcare, and telecommunications sectors. Researchers from McAfee unearthed the wave of attacks, which they say first started with targeted hacks of banks in Turkey last month.

At the time, Ryan Sherstobitoff, McAfee’s senior analyst of major campaigns, told Dark Reading he believed the Turkish bank targets were part of an ongoing campaign. The goal could be to “surveil their operations, establish functions of their processes, and ultimately compromise funds,” he said.

Days after McAfee published those findings on the attacks on the Turkish financial industry via the so-called Bankshot Trojan implant, the researchers spotted the same spying malware in organizations in 17 countries. McAfee is working with the government in Thailand—where most of the attacks have occurred to date—to shut down Operation GhostSecret’s control-server infrastructure.

Operation GhostSecret employs multiple custom malware implants to pilfer information from its targets, and attempts to evade detection, including a new variant that looks a lot like Destover, the malware Lazarus Group used in its massive hack of Sony Pictures in 2014. In addition, researchers discovered a new malware family called Proxysvc, which they believe was used with the 2017 Destover variant, which is supported by a server infrastructure with IP addresses in India.

Dark Reading has the full article

Sponsored Recommendations

Enhancing Remote Radiology: How Zero Trust Access Revolutionizes Healthcare Connectivity

This content details how a cloud-enabled zero trust architecture ensures high performance, compliance, and scalability, overcoming the limitations of traditional VPN solutions...

Spotlight on Artificial Intelligence

Unlock the potential of AI in our latest series. Discover how AI is revolutionizing clinical decision support, improving workflow efficiency, and transforming medical documentation...

Beyond the VPN: Zero Trust Access for a Healthcare Hybrid Work Environment

This whitepaper explores how a cloud-enabled zero trust architecture ensures secure, least privileged access to applications, meeting regulatory requirements and enhancing user...

Enhancing Remote Radiology: How Zero Trust Access Revolutionizes Healthcare Connectivity

This content details how a cloud-enabled zero trust architecture ensures high performance, compliance, and scalability, overcoming the limitations of traditional VPN solutions...