A suspected North Korean hacking campaign has expanded to targets in 17 different countries, including the U.S., pilfering information on critical infrastructure, telecommunications and entertainment organizations, researchers say.
Cybersecurity firm McAfee released new research on the hacking campaign this week, calling it Operation GhostSecret and describing the attackers as having “significant capabilities” to develop and use multiple cyber tools and rapidly expand operations across the globe.
The findings demonstrate the growing sophistication of North Korea’s army of hackers, which has been blamed for high-profile hacking operations such as the WannaCry malware outbreak last year.
McAfee identified the same hackers in early March
targeting Turkish financial organizations but now says that was only a portion of a spy operation that has expanded to multiple nations and a number of industries.
“The campaign is extremely complicated, leveraging a number of implants to steal information from infected systems and is intricately designed to evade detection and deceive forensic investigators,” McAfee wrote in a report issued Tuesday.
Since researchers first publicly identified the campaign last month, McAfee wrote, “the threat actors not only continued but also increased the scope of the attack, both in types of targets and in the tools they used.”
The group uses hacking tools that are associated with the cyber espionage group Hidden Cobra — the name that the U.S. government uses to describe North Korea’s state-sponsored hackers.
The United States has publicly blamed North Korea for executing the 2014 Sony Pictures hack as well as the massive WannaCry malware attack that destroyed computers across the globe last May.
McAfee says researchers observed activity linked to Operation GhostSecret across 17 countries over a short period of four days in mid-March. The hackers struck targets in the United States, the United Kingdom, Germany, Japan, China and Russia, among other countries.