2 minute read


On Wed Dec 12, the McAfee Advanced Threat Research team revealed that hackers had conducted an elaborate infiltration campaign between October and November, which they named "Operation Sharpshooter," after the name of a function in the attack code. The campaign targeted individuals at 87 firms across a broad spectrum of companies globally including defense, finance, energy, telecommunications, and government organizations. Indicating new levels of sophistication, the McAfee report indicates that the campaign "leverages an in-memory implant to download and retrieve a second stage implant which we call Rising Sun -for further exploitation."  As the report further indicates, the ultimate target of the operation is to penetrate security defenses for the purpose of extracting intellectual property. 

SafeGuard Cyber-blog_McAfee_operation sharpshooter_threat mapImage courtesy McAfee Securing Tomorrow blog

The most intriguing discovery was the how these cybercriminals approached their targets. Raj Samani, Chief Scientist at McAfee and SafeGuard Cyber Advisor, explained in a recent podcast that bad actors posing as job recruiters for legitimate companies used social media messaging for outreach. After gaining trust, eventually the actors would direct targets to download a document containing a malicious macro. The recruiting companies, job listings, and recruiter profiles all appeared appropriate and realistic. In this attack, social media was the "weakest” link in a chain of vulnerabilities that gave the attackers the opportunity to execute a sophisticated data mining operation.

While CISOs now acknowledge email security is an essential element of a perimeter defense structure, the threat of corporate social media attacks aren't as well managed. In most cases, this is because social media is seen as the purview of marketing departments. Cybercriminals are exploiting this gap with social engineering attacks on professional networks. Simply, it's easier to hack an individual's trust than a corporate network.

In past blogs, we have discussed numerous cyber threats and topical exploits on social media:

  • Malicious attacks - Bad actors target digital assets with direct account takeovers, malware, phishing re-directs, or bot attacks
  • Brand Impersonation - Bad actors intent on scamming customers set up fake accounts, divert revenues, and conduct other fraudulent activities, all at the expense of the brand
  • Brand & Reputational Damage - Often the target of bad actors for social engineering campaigns or digital sabotage; angry customers intent on revenge, or even innocent posts, can result in brand damage
  • VIP Exposure - Often high profile executives are targets of impersonations, spear-phishing (aka whaling), bot attacks, doxxing campaigns, and more
  • Data Loss & Data Privacy Risk - Sensitive information accidentally/deliberately leaked can results in IP loss, unauthorized financial disclosures, and privacy violations (PII, GDPR, HIPAA); all of which can result in heavy penalties & litigation exposure

Comprehensive defense means building an ecosystem that secures endpoints, cloud access, and social and digital channels outside the perimeter. CISOs should adopt an end-to-end approach that orchestrates security management systematically for surveillance, threat detection, risk response, and remediation.

The aggressive ambitions and scale of Operation Sharpshooter illustrates the need for companies to proactively build out their cyber security ecosystem to protect against the persistent vulnerabilities in social media and to assure the sovereignty of their digital properties into the future. 

Get started by understanding your organization's digital risk profile. SafeGuard Cyber can assist your process with a complementary digital risk assessment. Contact us today.


how hackers profile victims for social media

Blog: Learn how hackers profile victims 
for social media engineering attacks

Share this post:   
Last updated
January 2, 2021
Kevin Walter
Written by
Kevin Walter

Subscribe to our newsletter