Rising Sun is a malicious application that was first used to attack various organizations in November 2018. Because the malware reuses source code from a backdoor Trojan called Duuzer, cybersecurity experts believed that the new threat was released by that Trojan's creators, the North Korean hacking group known as the Lazarus Group. In 2019 the connection between these hackers and Rising Sun was finally confirmed after specialists examined a malicious server associated with Operation Sharpshooter, which contained evidence relating to the attacks mentioned above. If you want to know more about this malicious application and the Lazarus Group, we invite you to read the rest of this article. If you have any questions, we encourage you to use our comments section.
As mentioned earlier, Rising Sun was first discovered in November 2018. That month, cybersecurity experts identified 87 attacks attributed to it. All of the attacks targeted various organizations across the globe, and most of them are said to have been defense and government-related organizations. Other targeted companies operated in the telecommunications, higher education, healthcare, military, IT management, transportation, technology, financial, nuclear, gas, and energy sectors. It was also discovered that most of the targeted companies were English-speaking or had English-speaking regional offices.
After the discovery of Rising Sun and Operation Sharpshooter, McAfee suspected that it could be the work of the Lazarus Group, since Rising Sun contained source code taken from a Trojan named Duuzer, which was discovered in 2015 and confirmed to be the work of the Lazarus Group. Still, this was not enough proof on its own, as cybercriminals share malicious tools amongst themselves. However, in 2019 government officials handed cybersecurity specialists a server that allowed them to finally confirm the link between Rising Sun and the Lazarus Group. The Lazarus Group is a group of North Korean hackers engaged in cyberespionage that may have been active since 2009 and is thought to be responsible for a large number of cyber-attacks.
Moreover, researchers have observed that the Lazarus Group's members use spearphishing, zero-day exploits, and similar methods to attack their targeted victims. Rising Sun victims are reported to have received malicious Microsoft Word documents. Opening such a document ran a macro that downloaded the threat. The malware was then used to gather various sensitive information located on infected devices and was programmed to send all of the recorded data to the attackers' command-and-control servers, from which it could be retrieved and used for various malicious purposes. Needless to say, threats like Rising Sun are sophisticated and difficult to detect, which means the malware might run on a system without its users realizing it.
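The initial-access step described above (a Word document whose macro downloads the payload) is exactly what a mail gateway or endpoint control should flag before the document is ever opened. The following Python script is an added example written for this article and is not code from the original page or from any vendor's product: it inspects an Office Open XML package (docx/docm/xlsm/pptm are zip containers) and reports whether it carries a VBA project, checking both the conventional `vbaProject.bin` part name and the `application/vnd.ms-office.vbaProject` content type declared in `[Content_Types].xml`, so a renamed macro part is still caught. The sample documents it builds are constructed in-memory fixtures, not real Word files, and legacy binary `.doc` files (OLE containers, not zips) are reported as non-OOXML rather than scanned.

```python
import io
import zipfile
from dataclasses import dataclass, field

# Content type that an OOXML package must declare for an embedded VBA project
# (value from the Office Open XML packaging conventions).
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


@dataclass
class MacroScanResult:
    is_ooxml: bool
    has_macros: bool
    vba_parts: list = field(default_factory=list)   # part names that look like VBA projects
    reasons: list = field(default_factory=list)     # human-readable findings for a triage log


def scan_office_document(data: bytes) -> MacroScanResult:
    """Report whether an in-memory Office document carries a VBA project.

    Two independent checks are combined, so that renaming the macro part
    does not evade detection: Office still has to declare the vbaProject
    content type for the part to be loaded at all.
    """
    if not data.startswith(b"PK"):
        # Legacy .doc/.xls are OLE compound files; they need a different parser.
        return MacroScanResult(False, False, reasons=["not a zip container (possibly legacy OLE format)"])
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return MacroScanResult(False, False, reasons=["corrupt zip container"])

    result = MacroScanResult(is_ooxml=True, has_macros=False)

    # Check 1: the conventional part name (word/, xl/ or ppt/ + vbaProject.bin).
    for name in zf.namelist():
        if name.lower().endswith("vbaproject.bin"):
            result.vba_parts.append(name)
            result.reasons.append(f"VBA project part present: {name}")

    # Check 2: the declared content type, which survives a renamed part.
    try:
        content_types = zf.read("[Content_Types].xml").decode("utf-8", errors="replace")
    except KeyError:
        content_types = ""
        result.reasons.append("missing [Content_Types].xml (malformed package)")
    declared = VBA_CONTENT_TYPE in content_types
    if declared:
        result.reasons.append("content types declare a VBA project")

    result.has_macros = bool(result.vba_parts) or declared
    return result


def build_sample_document(with_macro: bool, rename_part: bool = False) -> bytes:
    """Construct a minimal OOXML-like package (test fixture, not a real Word file).

    with_macro=False  -> clean document
    with_macro=True   -> macro-enabled document with word/vbaProject.bin
    rename_part=True  -> the VBA part is renamed but still declared in content types
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        overrides = []
        zf.writestr("word/document.xml", "<w:document/>")
        overrides.append('<Override PartName="/word/document.xml" '
                         'ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>')
        if with_macro:
            part = "word/payload.bin" if rename_part else "word/vbaProject.bin"
            # Placeholder bytes standing in for a compiled VBA project (constructed).
            zf.writestr(part, b"\xd0\xcf\x11\xe0placeholder-vba-project")
            overrides.append(f'<Override PartName="/{part}" ContentType="{VBA_CONTENT_TYPE}"/>')
        zf.writestr("[Content_Types].xml",
                    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
                    + "".join(overrides) + "</Types>")
    return buf.getvalue()


if __name__ == "__main__":
    # Sample run over the constructed fixtures; a real deployment would read
    # attachments from the mail gateway or files from a download directory.
    for label, doc in [("clean", build_sample_document(False)),
                       ("macro", build_sample_document(True)),
                       ("renamed macro part", build_sample_document(True, rename_part=True)),
                       ("legacy OLE header", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1")]:
        r = scan_office_document(doc)
        print(f"{label:20} ooxml={r.is_ooxml} macros={r.has_macros} {r.reasons}")
```

The script is deliberately a pre-open control: it never executes the macro, only inspects the package, so it is safe to run on untrusted attachments in an automated pipeline. A document that fails either check is a candidate for quarantine or sandbox detonation rather than delivery to a user's inbox.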
Inevitably, companies that wish to protect their systems from threats like Rising Sun have to invest more in their cybersecurity. It is advisable to employ cybersecurity experts who can find an organization's weaknesses and help eliminate them. Also, since such attacks might be initiated through phishing or spearphishing, it is vital to educate employees so that they can recognize malicious files and likely attack patterns. It would not hurt to invest in sophisticated security tools that can keep an organization's systems secure, and to have a team of specialists of your own who can help you react to attacks faster as well as educate your employees.
The removal instructions located below list the directories in which the malware might settle. They also show how the malicious application's files could be erased. However, it is important to stress that we cannot guarantee that the steps we provide will work or that they will be enough to get rid of such a threat. Therefore, if Rising Sun is discovered on a system, it is best to leave its removal to your IT specialists and reputable antimalware software. It would also be smart to report it to cybersecurity researchers, who may help spread the word about an attack and might be able to stop it.
Erase Rising Sun