McAfee researchers announced Thursday that an espionage campaign that used job offers on LinkedIn to target defense and aerospace contractors covered a broader geographic area than previously thought.

The campaign, called Operation North Star, was first reported by McAfee over the summer. The attacks showed similar tactics, techniques and procedures to the North Korean actor Hidden Cobra and targeted South Korean firms. The campaign phished employees by copying job opportunities from legitimate websites and crafting lures that were diligently tailored to the targets.

The new deep-dive from McAfee is based on access to a command and control server used by the campaign. It expands that geographic base to Russia, India, Australia and Israel. It also uncovered a previously unreported second-stage implant – "Torisma" – being used in the campaign. But, said McAfee chief scientist Raj Samani, the most interesting new discovery might be the lengths Operation North Star went to in order to protect itself.
