Illustration: Sarah Grillo/Axios

North Korea appears to have helmed a hacking campaign previously identified as "Operation Sharpshooter," according to a new report from McAfee, which first reported on the attacks in December.

The big picture: McAfee originally believed the attacks showed so much evidence they were from North Korea that it might indicate a different actor trying to frame Pyongyang. But the company's researchers now say that analysis of code and data from an intermediary server indicates the attacks really did originate from North Korea.

Details: According to the new report, the Sharpshooter campaign dated back to at least September 2017, a year earlier than was previously known.

  • Sharpshooter pivoted its targeting during the year it has been active. It currently appears to target financial services, government and critical infrastructure, with a primary focus on Germany, Turkey, the U.K. and the U.S. Earlier hacking mainly targeted telecommunications, government and financial sectors, largely in the U.S., Switzerland and Israel.

The intrigue: The motive behind the attacks isn't known, but North Korea's interest is traditionally in espionage — which would have been increasingly important to fine-tune negotiating strategies during talks with the United States — and in various forms of theft.

  • Axios has reported that North Korea might one day pivot to stealing intellectual property to bolster local industry.
  • But even if the Sharpshooter attacks may have provided technical access to intellectual property, as reported in the New York Times, neither the new report nor any previous research on North Korea offers any evidence that IP was stolen in an act of commercial espionage.

Other interesting notes from the report:

  • The malware was built in a "factory" approach, with new components developed separately and in tandem.
  • The attackers appear to have conducted test campaigns in the city of Windhoek, Namibia, before taking the campaign global. This might give the U.S. a window into other attacks in the works, the same way that the U.S. sees Russian attacks against Ukraine as clues to what Russia might do next.
