U.S. Companies Targeted by Possible North Korean Hackers: McAfee

(Bloomberg) -- Hackers have targeted dozens of companies, mostly based in the U.S., in a sophisticated cyber espionage campaign that may be connected to the North Korean government, according to a report published Wednesday.

The attackers have tried to penetrate the computer networks of at least 87 companies in the nuclear, defense, energy and financial industries since late October, according to research by internet security company McAfee Inc. The report didn’t name any of the businesses.

Employees at the firms were contacted over social media with Dropbox links to Microsoft Word documents that purported to contain job recruitment information. In reality, the documents contained malware that enabled hackers to gain access to their systems, according to Raj Samani, chief scientist at McAfee.

“We don’t know what their ultimate purpose is,” Samani said. He added it is “quite likely” but not certain that the hackers gained access to company networks.

Samani said the targeted companies include “larger name” businesses. McAfee has shared its findings with the companies, global law enforcement agencies and the cybersecurity industry, he said.

The malware used by the hackers bears resemblance to code previously used in cyber attacks by an entity known as the Lazarus Group, which the U.S. has linked to the North Korean government. But attribution for the attack remains uncertain, Samani said.

The “numerous technical links to the Lazarus Group seem too obvious to immediately draw the conclusion that they are responsible for the attacks, and instead indicate a potential for false flags,” the research said.

To contact the reporter on this story: Alyza Sebenius in Washington at asebenius@bloomberg.net

To contact the editors responsible for this story: Alex Wayne at awayne3@bloomberg.net, Mike Dorning

©2018 Bloomberg L.P.