Chung Sung-Jun/Getty Images
- A North Korean-linked hacking group has been tied to a series of cyberattacks spanning a wide range of industries across 17 countries.
- A new report found that a major hacking campaign, dubbed Operation GhostSecret, used a variety of tools and malware programs associated with the reported North Korean state-sponsored cyber unit Lazarus.
- The cyber offensive was thought to have only targeted Turkish financial institutions in early March.
- Lazarus has been suspected of masterminding malware for several high-stakes hacks, including the 2014 attack on Sony Pictures and last year's global WannaCry attack.
A North Korean-linked hacking group has been tied to a series of cyber attacks spanning 17 countries, far larger than initially thought.
A new report by McAfee Advanced Threat Research found a major hacking campaign, dubbed Operation GhostSecret, sought to steal sensitive data from a wide range of industries including critical infrastructure, entertainment, finance, health care, and telecommunications.
Attackers used tools and malware programs associated with the North Korean-sponsored cyber unit Hidden Cobra, also known as Lazarus, to execute the highly-sophisticated operation.
Operation GhostSecret is thought to have started with a massive cyberattack on several Turkish financial institutions and government organizations in early March. The cyber offensive then began targeting industries in 17 countries and is still active, according to McAfee.
Servers in the US, Australia, Japan and China were infected several times between March 15 and 19. Nearly 50 servers in Thailand were hit heavily by the malware, the most of any country.
McAfee researchers noted many similarities between the methods used in Operation GhostSecret and other major attacks attributed to the group, including the 2014 attack on Sony Pictures and last year's global WannaCry attack.
"As we monitor this campaign, it is clear that the publicity associated with the (we assume) first phase of this campaign did nothing to slow the attacks. The threat actors not only continued but also increased the scope of the attack, both in types of targets and in the tools they used," Raj Samani, McAfee's chief scientist, said.
The report indicates North Korea has been expanding its cyber crime beyond its usual focus of stealing military intel or cryptocurrency which can be used to funnel money to the Kim regime.
North Korean groups have been tied to increasingly high-stakes attacks in recent months.
In January, researchers from the US cybersecurity firm Recorded Future said a hacking campaign targeting South Korean cryptocurrency exchange Coinlink employed the same malware used in the Sony and WannaCry attacks.
The attack was attributed to the Lazarus group, which has been conducting operations since at least 2009, when they launched an attack on US and South Korean websites by infecting them with a virus known as MyDoom.