In what can be considered a rare move, government officials have given security researchers data from a seized server that is believed to have been used by North Korean hackers to launch a massive number of targeted attacks last year. The server had been named Operation Sharpshooter by the North Korean hackers. The hackers used this server to deliver a malware campaign aimed at governments, telecom industries, and defense contractors.
The first instance of this malware campaign was reported in December. The North Koreans used the server, Operation Sharpshooter, to send a number of malicious Word documents to governments, telecom industries, and defense contractors. When opened, the malicious Word document would run macro code to download a second-stage implant, which is generally dubbed Rising Sun by the North Korean hackers. The hackers then used this implant to conduct reconnaissance and steal the user data of the concerned authorities.
According to reports from www.oodaloop.com, the North Korean hackers initially used the server named Operation Sharpshooter to target a broader range of industries and countries in order to steal the user data of the authorities. Operation Sharpshooter was also aimed at financial services and critical infrastructure in Europe, the U.K., and the U.S.
According to www.rocketnews.com, US government agencies made the McAfee research possible by giving the company access to the Operation Sharpshooter command and control (C2) server. The backdoor malware enabled the hackers to gain access to user data and spy on their targets, stealing confidential data whose leakage can lead to quite difficult circumstances. Though the researchers suspect Lazarus to be behind this hacking operation, they still do not have any evidence to prove their suspicion.