Target Locked: Operation Sharpshooter

2024-04-17, AttackIQ
https://www.attackiq.com/2024/04/17/operation-sharpshooter/
#Sharpshooter

Contents

Operation Sharpshooter is one of the most significant cyberattacks orchestrated by the North Korea-based adversary known as Lazarus Group. Conducted between October and November 2018, the operation targeted multiple sectors, particularly finance, energy, and defense, affecting over 80 organizations worldwide, with a primary impact on the United States. This blog post will explore the operation’s details, attack methods, and its broader implications. We will also discuss how AttackIQ Flex can help organizations test their defenses against this cyberattack campaign.
Attack Vector and Initial Compromise
The attack began with the delivery of a malicious Microsoft Office document, which was designed to deploy the Rising Sun implant on the victim’s system. This implant sought persistence by creating an entry in the Startup folder, ensuring the malware would execute each time the system restarted. The use of a benign-seeming Office document is a common tactic in modern cyberattacks, as it leverages trust in widely used …
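
An added detection example, not taken from the AttackIQ post: it flags file-creation events that place an autorun-capable file in a Windows Startup folder, the persistence step described above, and rates them higher when an Office process is the writer. It assumes Sysmon Event ID 11 style fields (`Image`, `TargetFilename`); the sample events and file names are constructed.

```python
import ntpath

# Per-user and all-users Startup folders both end with this path (lowercased).
STARTUP_SUFFIX = r"\microsoft\windows\start menu\programs\startup"
OFFICE_IMAGES = {"winword.exe", "excel.exe", "powerpnt.exe"}
# File types that run, or launch something, at logon.
AUTORUN_EXTS = {".exe", ".lnk", ".bat", ".cmd", ".vbs", ".js", ".hta", ".scr"}


def classify(event):
    """Return 'high', 'medium' or None for one file-creation event.

    `event` is a dict with Sysmon Event ID 11 style fields (an assumption):
    Image (the writing process) and TargetFilename (the file created).
    """
    target = event["TargetFilename"].lower()
    folder, name = ntpath.split(target)
    if not folder.endswith(STARTUP_SUFFIX):
        return None
    if ntpath.splitext(name)[1] not in AUTORUN_EXTS:
        return None
    writer = ntpath.basename(event["Image"].lower())
    # An Office application has no routine reason to create autorun files.
    return "high" if writer in OFFICE_IMAGES else "medium"


def triage(events):
    """Yield (severity, writer image, target file) for each flagged event."""
    for ev in events:
        sev = classify(ev)
        if sev:
            yield sev, ev["Image"], ev["TargetFilename"]


# Constructed sample events; the file names are illustrative, not IoCs.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "TargetFilename": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.exe"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\setup.exe",
     "TargetFilename": r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\helper.lnk"},
    {"Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "TargetFilename": r"C:\Users\alice\Documents\report.docx"},
    {"Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini"},
]

if __name__ == "__main__":
    for sev, image, target in triage(SAMPLE_EVENTS):
        print(f"[{sev}] {image} -> {target}")
```

The "medium" tier will also match legitimate installers that register Startup shortcuts, so it is meant for review against a software allowlist rather than direct alerting.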