Two functions shape our lives more than most. One is the defense industry; without it, our lives would be drastically, significantly different. The other is government, which is equally integral to our society. Both have been successfully attacked and compromised several times over the years, and both remain ripe targets holding data and information that is useful and readily sold. To that end, a campaign was mounted to breach government agencies and defense firms, because the data these two kinds of organizations hold is valuable to many parties across the globe.
This campaign was recently in use, and its focus was defense businesses and government agencies. The attackers were able to compromise dozens of these organizations across the world. The operation was active from October to November 2018 and targeted 87 companies located in 24 countries, primarily in the nuclear, defense, energy, and finance industries, across the US, South America, Europe, the Middle East, India, Australia, and Japan. The attackers' tool of choice was one that consumers and businesses use openly every single day: social media, which they used to deliver their messages. These were disguised as recruitment documents, when they were actually documents with a little malicious intent sprinkled in.
Once the target opened the attachment, the "Rising Sun" malware was installed and hilarity ensued. This appears to be an updated version of the Duuzer Trojan, which was previously used in the Sony attack from years ago. It sent the collected data to its command and control (C&C) server via HTTP POST requests. Typically, it would access and exfiltrate usernames, IP addresses, network configurations, and system settings, and any other sensitive data it could reach would also be taken. All of this was done with the 14 distinct capabilities it was coded with, which can be summarized as intelligence gathering, encryption, exfiltration, and terminating processes. This could be used as the first step of a larger attack, and it was another example of a successful social engineering attack.
This successful campaign emphasizes the need to provide adequate training for staff on phishing and what to look for in such messages.
Barth, B. (2018, December 12). 'Sharpshooter' cyberespionage campaign scopes out defense, critical infrastructure sectors. Retrieved from https://www.scmagazine.com/home/security-news/sharpshooter-espionage-campaign-scopes-out-defense-critical-infrastructure-sectors/
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.