McAfee Uncovers Nation-State Cybercrime Campaign: Operation GhostSecret

operation ghostseceret

McAfee Advanced Threat Research has uncovered evidence of a major international cybercrime campaign—labeled Operation GhostSecret by the endpoint security and SIEM solution provider—linked to nation-state hackers.

According to the evidence, Operation GhostSecret aims to steal proprietary data from enterprises representing a range of industries including entertainment, telecommunications, healthcare, and finance. The campaign appears to have begun with the targeting of Turkish financial institutions in early March and has not abated since then. In total, 17 countries have been targeted, including the United States, Australia, Japan, and China. Thailand in particular was targeted, suffering the most malware connected to Operation GhostSecret.

In a statement, McAfee’s Chief Scientist Raj Samani said: “As we monitor this campaign, it is clear that the publicity associated with the (we assume) first phase of this campaign did nothing to slow the attacks. The threat actors not only continued but also increased the scope of the attack, both in types of targets and in the tools they used.”

While it has not been definitively confirmed as of time of writing, the techniques of Operation GhostSecret implicate the Lazarus Group as the cybercriminals behind these nation-state attacks. Lazarus, also referred to as Hidden Cobra, has long been affiliated with North Korean military intelligence. They are suspected as responsible for the data breach at Sony Pictures in 2014 and the more recent ransomware wave known as WannaCry; they’ve also been suspected of cryptocurrency thefts across the globe in an effort to fund the heavily-sanctioned North Korean regime.

Whether Operation GhostSecret represents a transition in nation-state attacks as priorities shift from direct attacks on military-industrial data to creating more general chaos, or whether that transition already began with WannaCry, enterprises should take notice. You may be up against hackers with the backing of entire countries. You need to ensure your information security solution is up to the task.     

You can download McAfee’s full report here.

 

Ben Canner

Leave a Reply

Your email address will not be published.