Rising Sun

By GoldSparrow in Trojans

The Rising Sun is a threatening backdoor Trojan that has been linked to a malware campaign that PC security researchers are calling 'Operation Sharpshooter.' The campaign is designed to take advantage of a vulnerability in the victim's computer that causes it to download and install the Rising Sun, a payload that is used to carry out a backdoor attack. The Rising Sun has a modular design, meaning that the attackers can enable different modules to carry out different attacks on victims' computers. The main purpose of the Rising Sun attacks is to carry out surveillance on the victim's computer system and network, allowing the attackers to gain access to private information about the target.

The Rising Sun that will Shine over Your Protected Data

There are many similarities between the Rising Sun and Duuzer, a Trojan that was used to carry out attacks on high-profile targets in 2015 by a criminal group known as Lazarus, which has been actively carrying out attacks since 2009, and possibly even earlier. The Rising Sun campaign begins with corrupted email messages containing attached documents with embedded compromised macros that download and install the Rising Sun onto the victim's computer. Once installed, the Rising Sun runs in the background, collects data about the infected computer and network, and sends this data to a Command and Control server. Apart from the collected data, the Rising Sun also relays information about the infected computer and network, such as IP addresses and local usernames. The Rising Sun also allows the criminals to gain access to the system files and memory processes from a remote location. Although it is possible that the Rising Sun is linked to the Lazarus Group, this has not been determined conclusively, particularly because there are significant differences between the Rising Sun and the Duuzer Trojan.

What is the Threat Presented by the Rising Sun

The Rising Sun Trojan and this malware operation pose a significant threat due to the high profile of the targeted victims. The Rising Sun seems to target companies in the energy, defense and nuclear sectors. Financial institutions are also an important target in this malware campaign. The Rising Sun's reach has been quite extensive. Between October and November 2018, PC security researchers detected the presence of the Rising Sun in attacks carried out against 87 different companies around the world. However, the bulk of the targets of the Rising Sun attacks are located in the United States, and virtually all of them belong to English-speaking regions or companies. This is linked in part to the social engineering tactics used to deliver the Rising Sun and carry out its attack. Due to the high number of defense and government organizations among the targets, as well as the sophistication of the Rising Sun attack, it is possible that this malware operation is state-sponsored or has higher-profile individuals supporting this criminal group.

Follow-up Attacks Related to the Rising Sun

The Rising Sun's main attack seems to be focused on gaining intelligence about the victims. This part of the attack occurs in several steps: it starts with an email attack, followed by a corrupted macro that runs in the infected computer's memory and downloads the Rising Sun, which then monitors the affected computer and network. This is why it is very likely that the Rising Sun is the first stage of possible subsequent attacks that leverage the access to the affected systems or do more with the compromised data and devices. Because of this, malware researchers strongly advise computer users and system administrators to ensure that their devices and networks are adequately protected.
