Following the news that security researchers have uncovered the Sharpshooter malware, which is targeting nuclear, defense, energy, and financial businesses, please see below comments from Younes Dragoni, security researcher at Nozomi Networks.
Younes Dragoni, Security Researcher at Nozomi Networks:
“The attackers behind the Sharpshooter malware appear to be using phishing as a means to lure victims into opening malicious Word and PDF files and executing a hidden shellcode, which is in charge of injecting the downloader on the targeted system. The Sharpshooter downloader has only one task: to retrieve the second-stage implant, Rising Sun. This implant is used for reconnaissance purposes (it gathers information to monitor for potential exploitation) and it is a fully functional backdoor with extensive capabilities for collecting a series of information about the host, such as: computer name – user name – IP address information – native system information – OS product name from the registry.
Similar to GreyEnergy, the Sharpshooter malware highlights that attackers are once again using phishing as a means to attack high value targets and infect critical systems. It is therefore increasingly important that staff within these organisations are taught about the dangers of phishing and the importance of thinking before they click.”