Searching for smart, safe news you can TRUST?

Support safe, smart, REAL journalism. Sign up for our Axios AM & PM newsletters and get smarter, faster.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Searching for smart, safe news you can TRUST?

Support safe, smart, REAL journalism. Sign up for our Axios AM & PM newsletters and get smarter, faster.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Denver news in your inbox

Catch up on the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Des Moines news in your inbox

Catch up on the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Minneapolis-St. Paul news in your inbox

Catch up on the most important stories affecting your hometown with Axios Minneapolis-St. Paul

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tampa-St. Petersburg news in your inbox

Catch up on the most important stories affecting your hometown with Axios Tampa-St. Petersburg

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Illustration: Sarah Grillo/Axios

North Korea appears to have helmed a hacking campaign previously identified as "Operation Sharpshooter," according to a new report from McAfee, who first reported on the attacks in December.

The big picture: McAfee originally believed the attacks showed so much evidence they were from North Korea that it might indicate a different actor trying to frame Pyongyang. But the company's researchers now say that analysis of code and data from an intermediary server indicates the attacks really did originate from North Korea.

Details: According to the new report, the Sharpshooter campaign dated back to at least September 2017, a year earlier than was previously known.

  • Sharpshooter pivoted its targeting during the year it has been active. It currently appears to target financial services, government and critical infrastructure, with a primary focus on Germany, Turkey, the U.K. and the U.S. Earlier hacking mainly targeted telecommunications, government and financial sectors, largely in the U.S., Switzerland and Israel.

The intrigue: The motive behind the attacks isn't known, but North Korea's interest is traditionally in espionage — which would have been increasingly important to fine-tune negotiating strategies during talks with the United States — and with various forms of theft.

  • Axios has reported that North Korea might one day pivot to stealing intellectual property to bolster local industry.
  • But even if the Sharpshooter attacks may have provided technical access to intellectual property, as reported in the New York Times, neither the new report nor any previous research on North Korea offers any evidence that IP was stolen in an act of commercial espionage.

Other interesting notes from the report:

  • The malware was built in a "factory" approach, with new components developed separately and in tandem.
  • The attackers appear to have conducted test campaigns in the city of Windhoek, Namibia, before taking the campaign global. This might give the U.S. a window into other attacks in the works, the same way that the U.S. sees Russian attacks against Ukraine as clues to what Russia might do next.

Go deeper

AOC and Ilhan Omar want to block Biden’s former chief of staff

Reps. Ilhan Omar and Alexandria Ocasio-Cortez. Photo: Brendan Smialowski/Getty Images

Reps. Alexandria Ocasio-Cortez and Ilhan Omar are boosting a petition against Joe Biden nominating his former chief of staff to a new role in his administration, calling Bruce Reed a "deficit hawk” and criticizing his past support for Social Security and Medicare cuts.

Why it matters: Progressives are mounting their pressure campaign after the president-elect did not include any of their favored candidates in his first slate of Cabinet nominees, and they are serious about installing some of their allies, blocking anyone who doesn't pass their smell test — and making noise if they are not heard.

2 hours ago - Podcasts

Butterball CEO Jay Jandrain talks turkey

Butterball estimates that it sells one out of every three Thanksgiving turkeys, but knows that this year's celebrations will be different than years past.

Axios Re:Cap talks with the turkey giant's CEO Jay Jandrain about what people are buying, what they're asking the "Turkey Talkline" and what the pandemic has meant for his business.

Biden introduces top national security team

President-elect Joe Biden's nominee for Secretary of State Antony Blinken spoke Tuesday at an event introducing the incoming administration's top national security officials, where he told the story of his stepfather being the only one of 900 children at his school in Poland to survive the Holocaust.

What they're saying: "At the end of the war, he made a break from a death march into the woods in Bavaria. From his hiding place, he heard a deep rumbling sound. It was a tank. But instead of the iron cross, he saw painted on its side a five pointed white star," Blinken said.