North Korea: New access to a seized server has shed some light on the previously identified Sharpshooter campaign. The campaign was originally listed as unidentified after following an investigation into the operation. Although a number of indicators pointed to North Korean ties to the operation, researchers initially believed them to be too obvious and felt that they were false flags meant to mislead investigators. This new revelation came after researchers were provided with access to a seized command-and-control (C2) server which was found to be tied to the campaign. The campaign was originally believed to have begun in late October of 2018, however, analysis of the C2 server indicates that the campaign actually goes as far back as September of 2017 and targeted a much broader set of targets than originally indicated.
12 Essentials for a Successful SOC Partnership
As cyber threats continue to impact businesses of all sizes, the need for round-the-clock security