As President Donald Trump met with Kim Jong Un in Hanoi, Vietnam for their second summit last week, hackers linked to North Korea reportedly continued attacks on targets in the US and others.
The attacks, first reported by The New York Times citing researchers at cybersecurity firm McAfee, allege that North Korean hackers have engaged in an 18-month-long operation against American and European businesses that continued during the collapsed summit between Kim and Trump.
McAfee published a report on the global espionage effort — dubbed Operation Sharpshooter — on Sunday, revealing that hackers targeted more than 80 organizations across key industries including energy and telecommunications, as well as government and defense sectors.
The report added that Sharpshooter appeared to target financial and government services primarily in the US, UK, Germany, and Turkey, though previous attacks also hit services in Switzerland and Israel. McAfee says the attacks were first discovered in December 2018, but may have started as early at September 2017.
According to the report, the attacks bore striking similarities to previous efforts perpetrated by North Korean state-sponsored cyber unit Lazarus Group. This included similar computer source code and a very similar fake job recruitment campaign previously utilized in by the group.
According to the Times, McAfee researchers were working with an undisclosed law enforcement agency and were able to access one of the main servers used by the hackers and watched attacks unfold in real time. Those attacks primarily focused on banks, utilities and oil and gas companies, with over 100 targets in the US and across Europe.
“Access to the adversary’s command-and-control server code is a rare opportunity,” Christiaan Beek, McAfee senior principal engineer and lead scientist, wrote in Sunday’s report. “These systems provide insights into the inner workings of cyberattack infrastructure, are typically seized by law enforcement, and only rarely made available to private sector researchers.”
The North Korean hacking group has been suspected of masterminding malware for several high-stakes hacks in recent years, including the 2014 attack on Sony Pictures and the global WannaCry attack in 2014. The group was also linked to an initiative last year dubbed Operation GhostSecret, which sought to steal sensitive data from a wide range of industries across 17 countries, including servers in the US, Australia, Japan and China.