Cyber attacks on a global scale have become routine now, especially with the involvement of state actors and North Korea is no stranger to this. In the latest research by security firm McAfee, North Korea is allegedly behind a global cyber attack campaign called Operation GhostSecret.
According to a report in The Hill, the global hacking campaign encompasses 17 countries including the US, the UK, Germany, Japan, Russia among them. The target is to extract information on critical infrastructure, telecommunications, entertainment organisations, healthcare organisations and so on. McAfee says that the hackers from Pyongyang have enough capabilities to develop and use multiple cyber tools and rapidly expand its global operations.
Cybersecurity Insiders states that the campaign started on 14 March and went on until 26 March.
North Korea has been involved in sophisticated global cyber attack campaigns in the past as well, such as the Sony Pictures hack and more recently when WannaCry ransomware attacked computer systems in over 150 countries. Operation GhostSecret has similar signatures, which shows the high profile nature of the North Korean hackers according to McAfee.
“The campaign is extremely complicated, leveraging a number of implants to steal information from infected systems and is intricately designed to evade detection and deceive forensic investigators,” said McAfee in its report. It goes on to state that since identification of the campaign last month, the threat actors have increased the scope of the attacks as well.
According to McAfee the tools used for Operation GhostSecret are the same that were associated with the cyber espionage group Hidden Cobra, which is another name that US government uses to describe North Korean state-sponsored hackers.
McAfee also confirmed that North Korea was behind the cyberattack on a Turkish Bank last year and had the potential to launch similar attacks on financial entities in Western countries as well.