Sharpshooter: How Does The Malware Infect Systems?

By   ISBuzz Team
Writer , Information Security Buzz | Dec 18, 2018 01:30 pm PST

Following the news that security researchers have uncovered the Sharpshooter malware, which is targeting nuclear, defense, energy, and financial businesses, please see below comments from Younes Dragoni, security researcher at Nozomi Networks.

Younes Dragoni, Security Researcher at Nozomi Networks:

“The attackers behind the Sharpshooter malware appear to be using phishing as a means to lure victims into opening malicious Word and PDF files and executing a hidden shellcode, which is in charge of injecting the downloader on the targeted system. The Sharpshooter downloader has the sole task of retrieving the second-stage implant, Rising Sun. This implant is used for reconnaissance purposes (it gathers information to monitor for potential exploitation) and it is a fully functional backdoor with extensive capabilities for collecting a series of information about the host, such as: computer name, user name, IP address information, native system information and OS product name from the registry.

Similar to GreyEnergy, the Sharpshooter malware highlights that attackers are once again using phishing as a means to attack high-value targets and infect critical systems. It is therefore increasingly important that staff within these organisations are taught about the dangers of phishing and the importance of thinking before they click.”