back to article McAfee: Oops, our bad. Sharpshooter malware was the Norks' Lazarus Group the whole time

McAfee (the antivirus firm, not John the dodgy "playboy") reckons the Sharpshooter malware campaign it uncovered in late 2018 is the work of North Korean hacking crew the Lazarus Group. Thanks to data from a command-and-control server that was "provided to McAfee for analysis by a government entity that is familiar with McAfee …

  1. Crazy Operations Guy Silver badge

    "state hackers weren't smart enough for false flags"

    Why would they want to hide? I can think of no reason why they'd want to waste the time and resources to hide their activities. If anything, being discovered is a good thing for them, it shows off their technical prowess and demonstrates that they just don't care. Besides, what's the West going to do, throw more ineffective sanctions at them?

    North Korea is a nation seeking to show they aren't to be disregarded and ignored, creating malware that strikes at least a little panic in their enemies is a very cost-effective path to that.

    1. doublelayer Silver badge

      Re: "state hackers weren't smart enough for false flags"

      They wouldn't really want to hide unless they had something new and didn't want extra attention, I.E. not what happened here. However, someone else might want to disguise themselves as North Korea, simply because it means tracking down the real them is harder. That was the risk in a false flag. Russia's attack on the olympics in 2018 was disguised to appear North Korean, and you could see a criminal group doing so as well for extra security against attribution, whether they end up getting that or not.

      1. Version 1.0 Silver badge

        Re: "state hackers weren't smart enough for false flags"

        In this game you hide some things and leave others out in the sunlight - when the malware is discovered in the sunlight people often stop looking under the stones nearby.

        For example, here's my guaranteed method of always hitting someone with a snowball. You make two snowballs and you throw one at them in a high curve, the target person will watch it as it comes down towards them to make sure it doesn't hit them - so you throw the second snowball straight at them and you'll hit them every time. It's never failed me.

  2. Anonymous Coward
    Anonymous Coward

    I have to give McAfee credit

    for waiting until they had hard evidence instead of just pointing blame at the Boogeyman du jour ®

    1. Yet Another Anonymous coward Silver badge

      Re: I have to give McAfee credit

      They had to wait until they were sure the US wasn't about to announce that Trump was building a golf course there and that N Korea had always been America's greatest ally.

      But now we have always been at war with Eurasia it's OK to blame them.

  3. Walter Bishop Silver badge
    Big Brother

    McAfee and the Nork malware

    How does this Nork malware get onto your “computer”

    1. ghp

      Re: McAfee and the Nork malware

      Perhaps you get it with your OS?

    2. Anonymous Coward
      Anonymous Coward

      Re: McAfee and the Nork malware

      How does this Nork malware get onto your “computer”

      " the Sharpshooter operation goes after key members of the targeted companies with phishing emails that are tightly targeted, in this case pretending to be from a job recruiting agency seeking English-speaking applicants .

      The emails contain poisoned Word documents (researchers note the version used to craft them was Korean-localized) that then look to install the first piece of malware: an in-memory module that dials up a control server."

      https://www.theregister.co.uk/2018/12/12/nuclear_defense_security_threat/

      1. Walter Bishop Silver badge
        Mushroom

        Re: McAfee and the Nork malware

        It was a rhetorical question, I don't see any mention of MI^H^H^H^H^H~1 WI^H^H^H~1 in that report.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019