Contact Contact Us

Operation Sharpshooter Targets Global Nuclear, Defence, Energy, Financial Entities

Researchers discovered a new global campaign dubbed Operation Sharpshooter that targets 87 nuclear, defence, energy, and financial entities across the world. Operation Sharpshooter uses macros-laden documents to download a first-stage in-memory implant that delivers a second-stage reconnaissance implant dubbed Rising Sun, which uses code from Lazarus Group’s Trojan Duuzer from 2015. The macros-laden documents are disseminated via Dropbox links shared over social media. Rising Sun collects data about network adapter, computer name, operating system product name from registry, username, and IP address.

[1] ‘Operation Sharpshooter’ Targets Global Defense, Critical Infrastructure

Ensign InfoSecurity Singapore
30A Kallang Place
Singapore 339213

Tel: +65 6788 2882
Fax: +65 6788 3883