high_confidence

Operation Sharpshooter

[Operation Sharpshooter](https://attack.mitre.org/campaigns/C0013) was a global cyber espionage campaign that targeted nuclear, defense, government, energy, and financial companies, with many located in Germany, Turkey, the United Kingdom, and the United States. Security researchers noted the campaign shared many similarities with previous [Lazarus Group](https://attack.mitre.org/groups/G0032) operations, including fake job recruitment lures and shared malware code.(Citation: McAfee Sharpshooter December 2018)(Citation: Bleeping Computer Op Sharpshooter March 2019)(Citation: Threatpost New Op Sharpshooter Data March 2019)

Start date: 1 September 2017
End date: 1 March 2019
Techniques: 13

Attributed actors

Techniques (13)

command-and-control (2)
T1090 Proxy
T1105 Ingress Tool Transfer

execution (4)
T1204.002 Malicious File
T1106 Native API
T1559.002 Dynamic Data Exchange
T1059.005 Visual Basic

persistence (1)
T1547.001 Registry Run Keys / Startup Folder

privilege-escalation (2)
T1547.001 Registry Run Keys / Startup Folder
T1055 Process Injection

resource-development (4)
T1587.001 Malware
T1584.004 Server
T1608.001 Upload Malware
T1583.006 Web Services

stealth (2)
T1036.005 Match Legitimate Resource Name or Location
T1055 Process Injection

Indicators of compromise

No IOCs linked to this campaign yet.