McAfee: Oops, our bad. Sharpshooter malware was the Norks' Lazarus Group the whole time McAfee (the antivirus firm, not John the dodgy "playboy") reckons the Sharpshooter malware campaign it uncovered in late 2018 is the work of North Korean hacking crew the Lazarus Group. Thanks to data from a command-and-control server that was "provided to McAfee for analysis by a government entity that is familiar with McAfee …
Why would they want to hide? I can think of no reason why they'd want to waste the time and resources to hide their activities. If anything, being discovered is a good thing for them, it shows off their technical prowess and demonstrates that they just don't care. Besides, what's the West going to do, throw more ineffective sanctions at them?
North Korea is a nation seeking to show they aren't to be disregarded and ignored, creating malware that strikes at least a little panic in their enemies is a very cost-effective path to that.
They wouldn't really want to hide unless they had something new and didn't want extra attention, I.E. not what happened here. However, someone else might want to disguise themselves as North Korea, simply because it means tracking down the real them is harder. That was the risk in a false flag. Russia's attack on the olympics in 2018 was disguised to appear North Korean, and you could see a criminal group doing so as well for extra security against attribution, whether they end up getting that or not.
In this game you hide some things and leave others out in the sunlight - when the malware is discovered in the sunlight people often stop looking under the stones nearby.
For example, here's my guaranteed method of always hitting someone with a snowball. You make two snowballs and you throw one at them in a high curve, the target person will watch it as it comes down towards them to make sure it doesn't hit them - so you throw the second snowball straight at them and you'll hit them every time. It's never failed me.
How does this Nork malware get onto your “computer”
" the Sharpshooter operation goes after key members of the targeted companies with phishing emails that are tightly targeted, in this case pretending to be from a job recruiting agency seeking English-speaking applicants .
The emails contain poisoned Word documents (researchers note the version used to craft them was Korean-localized) that then look to install the first piece of malware: an in-memory module that dials up a control server."
https://www.theregister.co.uk/2018/12/12/nuclear_defense_security_threat/
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
