Mar 4, 2019

Report: North Korea likely led "Sharpshooter" hacking

Illustration: Sarah Grillo/Axios

North Korea appears to have helmed a hacking campaign previously identified as "Operation Sharpshooter," according to a new report from McAfee, which first reported on the attacks in December.

The big picture: McAfee originally believed the attacks showed so much evidence they were from North Korea that it might indicate a different actor trying to frame Pyongyang. But the company's researchers now say that analysis of code and data from an intermediary server indicates the attacks really did originate from North Korea.

Details: According to the new report, the Sharpshooter campaign dated back to at least September 2017, a year earlier than was previously known.

  • Sharpshooter pivoted its targeting during the year it has been active. It currently appears to target financial services, government and critical infrastructure, with a primary focus on Germany, Turkey, the U.K. and the U.S. Earlier hacking mainly targeted telecommunications, government and financial sectors, largely in the U.S., Switzerland and Israel.

The intrigue: The motive behind the attacks isn't known, but North Korea's interest is traditionally in espionage — which would have been increasingly important to fine-tune negotiating strategies during talks with the United States — and in various forms of theft.

  • Axios has reported that North Korea might one day pivot to stealing intellectual property to bolster local industry.
  • But even if the Sharpshooter attacks may have provided technical access to intellectual property, as reported in the New York Times, neither the new report nor any previous research on North Korea offers any evidence that IP was stolen in an act of commercial espionage.

Other interesting notes from the report:

  • The malware was built in a "factory" approach, with new components developed separately and in tandem.
  • The attackers appear to have conducted test campaigns in the city of Windhoek, Namibia, before taking the campaign global. This might give the U.S. a window into other attacks in the works, the same way that the U.S. sees Russian attacks against Ukraine as clues to what Russia might do next.
