In a rare move, government officials have handed security researchers a seized server believed to be used by North Korean hackers to launch dozens of targeted attacks last year.
The server was used to deliver a malware campaign known as Operation Sharpshooter, which targeted governments, telecoms, and defense contractors and was first uncovered in December. The hackers emailed malicious Word documents that, when opened, ran macro code to download a second-stage implant, dubbed Rising Sun, which the hackers used to conduct reconnaissance and steal user data.
The Lazarus Group, a hacker group linked to North Korea, was the prime suspect given the overlap with similar code previously used by hackers, but a connection was never confirmed.
Now, McAfee says it’s confident enough to make the link.
“This was a unique first experience in all my years of threat research and investigations,” Christiaan Beek, lead scientist and senior principal engineer at McAfee, told TechCrunch in an email. “In having visibility into an adversary’s command-and-control server, we were able to uncover valuable information that led to more clues to investigate,” he said.
The move was part of an effort to better understand the threat from the nation state, which has in recent years been blamed for the 2016 Sony hack and the WannaCry ransomware outbreak in 2017, as well as more targeted attacks on global businesses.
In new research out Sunday and seen by TechCrunch, the security firm’s examination of the server code revealed Operation Sharpshooter was operational far longer than first believed, dating back to September 2017, and targeted a broader range of industries and countries, including financial services and critical infrastructure in Europe, the U.K. and the U.S.
The research showed that the server, operating as the malware’s command and control infrastructure, was written in the PHP and ASP web languages, used for building websites and web-based applications, making it easily deployed and highly scalable.
The back-end has several components used to launch attacks on the hackers’ targets. Each component has a specific role, such as the implant downloader, which hosts and pulls the implant from another downloader; and the command interpreter, which operates the Rising Sun implant through an intermediate hacked server to help hide the wider command structure.
The researchers say that the hackers use a factory-style approach to building Rising Sun, a modular type of malware that was pieced together from different components over several years. “These components appear in various implants dating back to 2016, which is one indication that the attacker has access to a set of developed functionalities at their disposal,” said McAfee’s research. The researchers also found a “clear evolutionary” path from Duuzer, a backdoor used to target South Korean computers as far back as 2015, and also part of the same family of malware used in the Sony hack, also attributed to North Korea.
Although the evidence points to the Lazarus Group, the log files show a batch of IP addresses purportedly from Namibia, which researchers can’t explain.
“It is quite possible that these unobfuscated connections may represent the locations that the adversary is operating from or testing in,” the research said. “Equally, this could be a false flag,” such as an effort to cause confusion in the event that the server is compromised.
The research represents a breakthrough in understanding the adversary behind Operation Sharpshooter. Attribution of cyberattacks is difficult at best, a fact that security researchers and governments alike recognize, given malware authors and threat groups share code and leave red herrings to hide their identities. But obtaining a command and control server, the core innards of a malware campaign, is telling.
Even if the goals of the campaign are still a mystery, McAfee’s chief scientist Raj Samani said the insight will “give us deeper insights in investigations moving forward.”
Apple Unleashed: Everything we can expect
Slightly over a month after its September event, Apple is set for an “Unleashed” October event. This second product launch of the fall on October 18 is scheduled a day before Google’s much-anticipated Pixel event. Strategically timed or not, the Apple event is not going to have any competitive iPhones to show. The highlight of the “Unleashed” event will be the new MacBook Pros powered by an upgraded in-house processor.
Once again, it wouldn’t be an in-person event; it will be livestreamed from Apple’s Cupertino headquarters for the world to follow. It will kick off at 10am Pacific Time on Monday, which is unusual, since Apple products are generally released on Tuesdays. To an extent, this is cleverly timed to hog up Google’s limelight.
Since Apple has already launched the iPhone 13 lineup along with the Apple Watch Series 7 and new iPads, it is exciting to see what is in store for the latest launch event. We are definitely going to see the upgraded ARM-based M1 chipset – likely called M1X – which will find its way into the revamped MacBook Pros, the Mac Mini, and maybe a larger iMac.
There is no concrete information about the M1X Macs, but a recent leak does confirm the possibility of the long-rumored AirPods 3 joining the party. The new AirPods were earlier expected to be released along with the new iPhones; that hasn’t happened, so we are hopeful the earbuds will make an appearance on Monday.
How to watch the event?
Before we delve deeper into the expected products, let’s run through how you can watch the event live. In case you miss the livestreaming, we will be covering the product launches as and when they happen here on Slashgear.
The “Unleashed” event will be streamed live on Apple’s website or on the Apple TV app. It will also be aired on the Apple channel on YouTube, so you can tune in to your preferred medium at 10am PT on October 18.
The revamped MacBook Pro
The next-generation Apple processor designed specifically for the Mac is expected to get more than just an incremental upgrade. The M1 chip launched last year has proven its worth with powerful features and incredible efficiency. The chipset revolutionized the MacBook Pro in 2020; in 2021, the processor with upgraded performance and efficiency will power the notably distinct MacBook Pro beyond ordinary expectations.
When Apple introduced the M1 chip, it informed that the transition from Intel to Apple’s own silicon will take about “two years” to complete. Into the second year now, we expect the journey is almost complete and the potent new chipset is ready. It can replace the Intel processing in the larger-screen MacBook Pro and take the performance of the smaller Pro to an exciting new high.
Actually, two MacBook Pro variants are launching this year. The 13.3-inch model from the previous year goes out and a resized 14-inch MacBook Pro will debut, which is likely to arrive alongside a 16-inch model. Since both the variants will run on the same graphics-enhancing M1X processor, Apple may deliver two separate options of its SoC for either MacBook. The difference may be in the GPU and storage variants.
Besides the incredible processing, the MacBook Pro is allegedly receiving its first redesign in five years, in line with the trusted form factor of the iPhone 13. The flat-edge design that launched with the iPhone 12 will add a nice appeal to the new MacBook Pro, which will arrive without the Touch Bar but with a 1080p webcam.
The laptop is also likely to arrive with a mini-LED panel boasting a 120Hz refresh rate. There is a chance it will feature a thinner bezel and include slots for an SD card and HDMI. MagSafe charging is allegedly making a comeback to the Apple MacBook Pro.
The probable launch of AirPods 3 is a rumor that doesn’t seem to settle. Whenever we discuss the pre-launch expectation of an Apple event the next-generation AirPods invariably pop up in discussion. The much-anticipated earbuds might launch this time after failing us in September when they should have logically arrived with the iPhones.
The redesigned, entry-level AirPods 3 are likely to launch with a shorter stem and a wireless charging case, similar to the AirPods Pro. There have been leaks suggesting them with silicone ear tips. Despite how close they get to the AirPods Pro, the third-gen AirPods will be an affordable alternative without ANC.
The final thoughts
In the lead-up to the second fall event, there have been half-baked stories about a few other possibilities. Notable Apple analyst Mark Gurman thinks a high-end Mac Mini powered by the improved in-house chip is on the cards. An announcement of a release date for the company’s macOS Monterey is also likely at the event. The desktop operating system was previewed at WWDC 2021; although it is a small update, it will still be exciting to know a possible date for its release.
This is more or less what we can expect. Apple, however, has a knack for pulling out the unexpected, so we’ll only know what’s what on Monday when Apple goes Unleashed. There could be some surprises, but the 14- and 16-inch MacBook Pros powered by the M1X SoC are going to be the biggest highlight.
Tinder’s latest feature helps users find dates for in-person weddings
If taking a total stranger as your plus one to a wedding doesn’t sound like a bad idea to you, Tinder is back with a new feature that’ll make the entire process easier. The company has announced a feature called Plus One that, as you’d expect, lets users alert others that they’re looking for a date to take to a wedding.
Tinder announced its new Plus One feature on Thursday, stating that it has teamed up with WeddingWire to help users find someone to take as a date to a wedding. The feature is available in the app’s Explore section, ensuring users are able to make their particular needs known to others who may want to tag along.
The team-up with WeddingWire, meanwhile, is to launch a ‘Wedding Guest Grant’ giveaway that’s now live. With this, the first 100 people to join the Plus One section in Explore will get $460 toward the cost of a wedding — the average amount WeddingWire says people spend to show up as guests.
Many in the industry are bracing for an anticipated onslaught in weddings later this year and through 2022. The reason is — you guessed it — because of the wedding postponements that occurred in 2020 and most of 2021 due to the pandemic.
The combination of readily available vaccines in many places, as well as cheap rapid COVID-19 tests and loosened travel restrictions, has made in-person weddings a safer option again. According to Tinder, it has seen the number of users adding “plus one” to their profiles increase 45 percent since the start of 2021.
Steam Blockchain games ban: Good news for NFT and crypto alike
An update to Valve’s rules for games on Steam effectively bans all Blockchain games that use cryptocurrencies or NFTs. This is GOOD news if you’re a cryptocurrency or NFT holder, at the moment, as it represents another public acknowledgement of the real-world value of cryptocurrencies and NFTs alike.
It’s not clear yet if this means that any sort of game using ANY sort of blockchain tech will be removed – but it DOES stop all blockchain-based digital tokens from playing a part in games on Steam. Information was shared by the folks behind the game Age of Rust, a game that’s built with blockchain tech that allows the exchange of NFT in accordance with puzzle solving gameplay.
If we’re looking at the situation from the perspective of the developers of a game like Age of Rust, this is certainly a setback. It might just be a temporary setback, but it IS a setback. These developers will need to find a new way to distribute their games – which might mean they need to work with less well-known game hosting platforms.
The developers of Age of Rust suggested that Valve told them that “Steam’s point of view is that items have value and they don’t allow items that can have real-world value on their platform.” So if you were wondering if a company as big as Valve considered those bits of code you were earning in your games to have any value outside of the games you’ve been playing… there’s your answer.
Now it’ll be interesting to see the point at which Valve must acknowledge the difference between in-game cryptocurrency and NFT exchange and in-game purchases, and whether there’ll be any further distinction between the two in future updates to Steam’s set of rules for hosted games. Given Steam’s use of tradeable achievement cards, tokens, and the like, it would not be shocking to find Valve incorporating non-fungible tokens (NFTs) into their platform at a higher level in the near future.