Illustration: Sarah Grillo/Axios
North Korea appears to have helmed a hacking campaign previously identified as "Operation Sharpshooter," according to a new report from McAfee, which first reported on the attacks in December.
The big picture: McAfee originally believed the attacks showed so much evidence they were from North Korea that it might indicate a different actor trying to frame Pyongyang. But the company's researchers now say that analysis of code and data from an intermediary server indicates the attacks really did originate from North Korea.
Details: According to the new report, the Sharpshooter campaign dated back to at least September 2017, a year earlier than was previously known.
- Sharpshooter pivoted its targeting during the year it has been active. It currently appears to target financial services, government and critical infrastructure, with a primary focus on Germany, Turkey, the U.K. and the U.S. Earlier hacking mainly targeted telecommunications, government and financial sectors, largely in the U.S., Switzerland and Israel.
The intrigue: The motive behind the attacks isn't known, but North Korea's interest is traditionally in espionage — which would have been increasingly important to fine-tune negotiating strategies during talks with the United States — and in various forms of theft.
- Axios has reported that North Korea might one day pivot to stealing intellectual property to bolster local industry.
- But even if the Sharpshooter attacks may have provided technical access to intellectual property, as reported in the New York Times, neither the new report nor any previous research on North Korea offers any evidence that IP was stolen in an act of commercial espionage.
Other interesting notes from the report:
- The malware was built in a "factory" approach, with new components developed separately and in tandem.
- The attackers appear to have conducted test campaigns in the city of Windhoek, Namibia, before taking the campaign global. This might give the U.S. a window into other attacks in the works, the same way that the U.S. sees Russian attacks against Ukraine as clues to what Russia might do next.