{"id":103359,"date":"2020-07-29T21:01:23","date_gmt":"2020-07-30T04:01:23","guid":{"rendered":"\/blogs\/?p=103359"},"modified":"2025-03-31T19:56:41","modified_gmt":"2025-04-01T02:56:41","slug":"mcafee-defenders-blog-operation-north-star-campaign","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-defenders-blog-operation-north-star-campaign\/","title":{"rendered":"McAfee Defender\u2019s Blog: Operation North Star Campaign"},"content":{"rendered":"<h2>Building Adaptable Security Architecture Against the <em>Operation North Star Campaign<\/em><\/h2>\n<h3>Operation North Star Overview<\/h3>\n<p>Over the last few months, we have seen attackers take advantage of the pandemic as a cover to launch cyberattacks. One such example is a campaign that McAfee Advanced Threat Research (ATR) observed as an increase in malicious cyber activity targeting the Aerospace &amp; Defense industry. In this campaign McAfee ATR discovered a series of malicious documents containing job postings taken from leading defense contractors to be used as lures, in a very targeted fashion. This type of campaign has appeared before, in 2017 and 2019 using similar techniques, but the 2020 campaign has some distinct differences in implants, infrastructure and spear phishing lures. For a more detailed analysis of this campaign please see the <a href=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\" target=\"_blank\" rel=\"noopener noreferrer\">McAfee ATR blog<\/a>.<\/p>\n<p>This blog is focused on how to build an adaptable security architecture to increase your resilience against these types of attacks and specifically, how McAfee\u2019s portfolio delivers the capability to prevent, detect and respond against the tactics and techniques used in the Operation North Star campaign.<\/p>\n<h3>Gathering Intelligence on Operation North Star<\/h3>\n<p>As always, building adaptable defensive architecture starts with intelligence. 
In most organizations, the Security Operations team is responsible for threat intelligence analysis, as well as threat and incident response. <a href=\"https:\/\/www.mcafee.com\/enterprise\/en-us\/lp\/insights-preview.html\">McAfee Insights<\/a> is a great tool for the threat intel analyst and threat responder. The Insights Dashboard identifies prevalence and severity of emerging threats across the globe which enables the Security Operations Center (SOC) to prioritize threat response actions and gather relevant cyber threat intelligence (CTI) associated with the threat, in this case the Operation North Star campaign. The CTI is provided in the form of technical Indicators of Compromise (IOCs) as well as MITRE ATT&amp;CK framework tactics and techniques. As a threat intel analyst or responder, you can drill down to gather more specific information on Operation North Star, such as prevalence and links to other sources of information. You can further drill down to gather more specific actionable intelligence such as indicators of compromise and tactics\/techniques aligned to the MITRE ATT&amp;CK framework.<\/p>\n<p>From the McAfee ATR blog, you can see that Operation North Star leverages tactics and techniques common to other APT campaigns, such as spear phishing for Initial Access, exploited system tools and signed binaries, modification of Registry Keys\/Startup folder for persistence and encoded traffic for command and control.<\/p>\n<p>&nbsp;<\/p>\n<h3>Defensive Architecture Overview<\/h3>\n<p>Today\u2019s digital enterprise is a hybrid environment of on-premise systems and cloud services with multiple entry points for attacks like Operation North Star. The work from home operating model forced by COVID-19 has only expanded the attack surface and increased risk for successful spear phishing attacks if organizations did not adapt their security posture and increase training for remote workers. 
Mitigating the risk of attacks like Operation North Star requires a security architecture with the right controls at the device, on the network and in security operations (sec ops). The Center for Internet Security (CIS) <a href=\"https:\/\/www.cisecurity.org\/controls\/cis-controls-list\/\" target=\"_blank\" rel=\"noopener noreferrer\">Top 20 Cyber Security Controls<\/a> provides a good guide to build that architecture. The following outlines the key security controls needed at each layer of the architecture to protect your enterprise against Operation North Star tactics and techniques.<\/p>\n<p>&nbsp;<\/p>\n<h3>Initial Access Stage Defensive Overview<\/h3>\n<p>According to Threat Intelligence and Research, the initial access is performed either through vulnerability exploitation or spear phishing attachments. As attackers can quickly change spear phishing attachments or link locations, it is important to have layered defenses that include user awareness training and response procedures, intelligence and behavior-based malware defenses on email systems, web proxy and endpoint systems, and finally sec ops playbooks for early detection and response against suspicious email attachments or other phishing techniques. The following chart summarizes the controls expected to have the most effect against initial stage techniques and the McAfee solutions to implement those controls where possible.<\/p>\n<table width=\"623\">\n<tbody>\n<tr>\n<td width=\"92\"><strong>MITRE Tactic<\/strong><\/td>\n<td width=\"117\"><strong>MITRE Techniques<\/strong><\/td>\n<td width=\"180\"><strong>CSC Controls<\/strong><\/td>\n<td width=\"234\"><strong>McAfee Capability<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"92\">Initial Access<\/td>\n<td width=\"117\">Spear Phishing Attachments (T1566.001)<\/td>\n<td width=\"180\"><strong>CSC 7<\/strong> \u2013 Email and Web Browser Protection<\/p>\n<p><strong>CSC 8<\/strong> \u2013 Malware Defenses<\/p>\n<p><strong>CSC 17<\/strong> \u2013 User
Awareness<\/td>\n<td width=\"234\">Endpoint Security Platform 10.7, Threat Prevention, Adaptive Threat Protection,<\/p>\n<p>Web Gateway (MWG), Advanced Threat Defense, Web Gateway Cloud Service (WGCS)<\/td>\n<\/tr>\n<tr>\n<td width=\"92\">Initial Access<\/td>\n<td width=\"117\">Spear Phishing Link (T1566.002)<\/td>\n<td width=\"180\"><strong>CSC 7<\/strong> \u2013 Email and Web Browser Protection<\/p>\n<p><strong>CSC 8<\/strong> \u2013 Malware Defenses<\/p>\n<p><strong>CSC 17<\/strong> \u2013 User Awareness<\/td>\n<td width=\"234\">Endpoint Security Platform 10.7, Threat Prevention, Adaptive Threat Protection,<\/p>\n<p>Web Gateway (MWG), Advanced Threat Defense, Web Gateway Cloud Service (WGCS)<\/td>\n<\/tr>\n<tr>\n<td width=\"92\">Initial Access<\/td>\n<td width=\"117\">Spear Phishing via Service (T1566.003)<\/td>\n<td width=\"180\"><strong>CSC 7<\/strong> \u2013 Email and Web Browser Protection<\/p>\n<p><strong>CSC 8<\/strong> \u2013 Malware Defenses<\/p>\n<p><strong>CSC 17<\/strong> \u2013 User Awareness<\/td>\n<td width=\"234\">Endpoint Security Platform 10.7, Threat Prevention, Adaptive Threat Protection,<\/p>\n<p>Web Gateway (MWG), Advanced Threat Defense, Web Gateway Cloud Service (WGCS)<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>For additional information on how McAfee can protect against suspicious email attachments, review this additional blog post.<\/p>\n<p><a href=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-protects-against-suspicious-email-attachments\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-protects-against-suspicious-email-attachments\/<\/a><\/p>\n<h3>Exploitation Stage Defensive Overview<\/h3>\n<p>The exploitation stage is where the attacker gains access to the target system.
Protection against Operation North Star at this stage is heavily dependent on adaptable anti-malware on both end user devices and servers, restriction of application execution, and security operations tools like endpoint detection and response sensors.<\/p>\n<p>McAfee Endpoint Security 10.7 provides a defense in depth capability including signatures and threat intelligence to cover known bad indicators or programs, as well as machine-learning and behavior-based protection to reduce the attack surface against Operation North Star and detect new exploitation attack techniques. This attack leverages weaponized documents with links to external template files on a remote server. McAfee Threat Prevention and Adaptive Threat Protection modules protect against these techniques.<\/p>\n<p>Additionally, MVISION EDR provides proactive detection capability on Execution and Defensive Evasion techniques identified in the exploit stage analysis. Please read further to see MVISION EDR in action against Operation North Star.<\/p>\n<p>The following chart summarizes the critical security controls expected to have the most effect against exploitation stage techniques and the McAfee solutions to implement those controls where possible.<\/p>\n<table width=\"623\">\n<tbody>\n<tr>\n<td width=\"106\"><strong>MITRE Tactic<\/strong><\/td>\n<td width=\"124\"><strong>MITRE Techniques<\/strong><\/td>\n<td width=\"165\"><strong>CSC Controls<\/strong><\/td>\n<td width=\"228\"><strong>McAfee Portfolio Mitigation<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"106\">Execution<\/td>\n<td width=\"124\">User Execution (T1204)<\/td>\n<td width=\"165\"><strong>CSC 5 <\/strong>Secure Configuration<\/p>\n<p><strong>CSC 8 <\/strong>Malware Defenses<\/p>\n<p><strong>CSC 17<\/strong> Security Awareness<\/td>\n<td width=\"228\">Endpoint Security Platform 10.7, Threat Prevention, Adaptive Threat Protection, Application Control (MAC), Web Gateway and Network Security Platform<\/td>\n<\/tr>\n<tr>\n<td 
width=\"106\">Execution<\/td>\n<td width=\"124\">Command and Scripting Interpreter (T1059)<\/p>\n<p>&nbsp;<\/td>\n<td width=\"165\"><strong>CSC 5 <\/strong>Secure Configuration<\/p>\n<p><strong>CSC 8 <\/strong>Malware Defenses<\/td>\n<td width=\"228\">Endpoint Security Platform 10.7, Threat Prevention, Adaptive Threat Protection, Application Control (MAC), MVISION EDR<\/td>\n<\/tr>\n<tr>\n<td width=\"106\">Execution<\/td>\n<td width=\"124\">Shared Modules (T1129)<\/td>\n<td width=\"165\"><strong>CSC 5 <\/strong>Secure Configuration<\/p>\n<p><strong>CSC 8 <\/strong>Malware Defenses<\/td>\n<td width=\"228\">Endpoint Security Platform 10.7, Threat Prevention, Adaptive Threat Protection, Application Control (MAC)<\/td>\n<\/tr>\n<tr>\n<td width=\"106\">Persistence<\/td>\n<td width=\"124\">Boot or Autologon Execution (T1547)<\/td>\n<td width=\"165\"><strong>CSC 5 <\/strong>Secure Configuration<\/p>\n<p><strong>CSC 8 <\/strong>Malware Defenses<\/td>\n<td width=\"228\">Endpoint Security Platform 10.7 Threat Prevention, MVISION EDR<\/td>\n<\/tr>\n<tr>\n<td width=\"106\">Defensive Evasion<\/td>\n<td width=\"124\">Template Injection (T1221)<\/td>\n<td width=\"165\"><strong>CSC 5 <\/strong>Secure Configuration<\/p>\n<p><strong>CSC 8 <\/strong>Malware Defenses<\/td>\n<td width=\"228\">Endpoint Security Platform 10.7, Threat Prevention, Adaptive Threat Protection, MVISION EDR<\/td>\n<\/tr>\n<tr>\n<td width=\"106\">Defensive Evasion<\/td>\n<td width=\"124\">Signed Binary Proxy Execution (T1218)<\/td>\n<td width=\"165\"><strong>CSC 4 <\/strong>Control Admin Privileges<\/p>\n<p><strong>CSC 5 <\/strong>Secure Configuration<\/p>\n<p><strong>CSC 8 <\/strong>Malware Defenses<\/td>\n<td width=\"228\">Endpoint Security Platform 10.7, Threat Prevention, Adaptive Threat Protection, Application Control, MVISION EDR<\/td>\n<\/tr>\n<tr>\n<td width=\"106\">Defensive Evasion<\/td>\n<td width=\"124\">Deobfuscate\/Decode Files or Information (T1027)<\/p>\n<p>&nbsp;<\/td>\n<td 
width=\"165\"><strong>CSC 5 <\/strong>Secure Configuration<\/p>\n<p><strong>CSC 8 <\/strong>Malware Defenses<\/td>\n<td width=\"228\">Endpoint Security Platform 10.7, Threat Prevention, Adaptive Threat Protection, MVISION EDR<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>For more information on how McAfee Endpoint Security 10.7 can prevent some of the techniques used in the Operation North Star exploit stage, review this additional blog post.<\/p>\n<p><a href=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-amsi-integration-protects-against-malicious-scripts\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-amsi-integration-protects-against-malicious-scripts\/<\/a><\/p>\n<h3>Impact Stage Defensive Overview<\/h3>\n<p>The impact stage is where the attacker encrypts the target system, data and perhaps moves laterally to other systems on the network. Protection at this stage is heavily dependent on adaptable anti-malware on both end user devices and servers, network controls and security operation\u2019s capability to monitor logs for anomalies in privileged access or network traffic. 
The following chart summarizes the controls expected to have the most effect against impact stage techniques and the McAfee solutions to implement those controls where possible.<\/p>\n<table width=\"617\">\n<tbody>\n<tr>\n<td width=\"101\"><strong>MITRE Tactic<\/strong><\/td>\n<td width=\"126\"><strong>MITRE Techniques<\/strong><\/td>\n<td width=\"111\"><strong>CSC Controls<\/strong><\/td>\n<td width=\"279\"><strong>McAfee Portfolio Mitigation<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"101\">Discovery<\/td>\n<td width=\"126\">Account Discovery (T1087)<\/td>\n<td width=\"111\"><strong>CSC 4 <\/strong>Control Use of Admin Privileges<\/p>\n<p><strong>CSC 5 <\/strong>Secure Configuration<\/p>\n<p><strong>CSC 6 <\/strong>Log Analysis<\/td>\n<td width=\"279\">MVISION EDR, MVISION Cloud, Cloud Workload Protection<\/td>\n<\/tr>\n<tr>\n<td width=\"101\">Discovery<\/td>\n<td width=\"126\">System Information Discovery (T1082)<\/td>\n<td width=\"111\"><strong>CSC 4 <\/strong>Control Use of Admin Privileges<\/p>\n<p><strong>CSC 5 <\/strong>Secure Configuration<\/p>\n<p><strong>CSC 6 <\/strong>Log Analysis<\/td>\n<td width=\"279\">MVISION EDR, MVISION Cloud, Cloud Workload Protection<\/td>\n<\/tr>\n<tr>\n<td width=\"101\">Discovery<\/td>\n<td width=\"126\">System Owner\/User Discovery (T1033)<\/td>\n<td width=\"111\"><strong>CSC 4 <\/strong>Control Use of Admin Privileges<\/p>\n<p><strong>CSC 5 <\/strong>Secure Configuration<\/p>\n<p><strong>CSC 6 <\/strong>Log Analysis<\/td>\n<td width=\"279\">MVISION EDR, MVISION Cloud, Cloud Workload Protection<\/td>\n<\/tr>\n<tr>\n<td width=\"101\">Command and Control<\/td>\n<td width=\"126\">Encrypted Channel (T1573)<\/td>\n<td width=\"111\"><strong>CSC 8 <\/strong>Malware Defenses<\/p>\n<p><strong>CSC 12 <\/strong>Boundary Defenses<\/td>\n<td width=\"279\">Web Gateway, Network Security Platform<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3><\/h3>\n<h3>Hunting for Operation North Star Indicators<\/h3>\n<p>As a threat intel analyst or hunter, you 
might want to quickly scan your systems for any indicators you received on Operation North Star. Of course, you can do that manually by downloading a list of indicators and searching with available tools. However, if you have MVISION EDR and Insights, you can do that right from the console, saving precious time. Hunting the attacker can be a game of inches so every second counts. Of course, if you find infected systems or systems with indicators, you can take action to contain and start an investigation for incident response immediately from the MVISION EDR console.<\/p>\n<h3>Proactively Detecting Operation North Star Techniques<\/h3>\n<p>Many of the exploit stage techniques in this attack use legitimate Windows processes and applications to either exploit or avoid detection. We demonstrated above how the Endpoint Protection Platform can disrupt the weaponized documents but, by using MVISION EDR, you can get more visibility. As security analysts, we want to focus on suspicious techniques used by winword.exe as this attack leverages weaponized documents. On MVISION EDR we got the first threat detection on the monitoring dashboard for WINWORD.EXE at a <u>Medium Risk<\/u>.<\/p>\n<p>The dashboard also provides a detailed look at the process activity which, in this case, is the attempt to perform the template injection.<\/p>\n<p>We also received 2 alerts due to the rundll32 usage:<\/p>\n<p>1) Loaded non-common file with specified parameters via rundll32 utility<\/p>\n<p>2) Suspicious process would have been cleaned by Endpoint Protection (in observe mode)<\/p>\n<h3>Monitoring or Reporting on Operation North Star Events<\/h3>\n<p>Events from McAfee Endpoint Protection and Web Gateway play a key role in Lazarus incident and threat response. McAfee ePO centralizes event collection from all managed endpoint systems.
As a threat responder, you may want to create a dashboard for Lazarus-related threat events to understand current exposure. Here is a list (not exhaustive) of Lazarus-related threat events as reported by McAfee Endpoint Protection Platform (Threat Prevention module), with On-Access Scan and Global Threat Intelligence enabled, and McAfee Web Gateway with Global Threat Intelligence enabled as well.<\/p>\n<table width=\"443\">\n<tbody>\n<tr>\n<td colspan=\"2\" width=\"443\"><strong>McAfee Endpoint Threat Prevention Events<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"187\">Generic Trojan.dz<\/td>\n<td width=\"257\">Generic Dropper.aou<\/td>\n<\/tr>\n<tr>\n<td width=\"187\">RDN\/Generic PWS.y<\/td>\n<td width=\"257\">W97M\/Downloader.cxz<\/td>\n<\/tr>\n<tr>\n<td width=\"187\">Trojan-FRVP!2373982CDABA<\/td>\n<td width=\"257\">Trojan-FRVP!AF83AD63D2E3<\/td>\n<\/tr>\n<tr>\n<td width=\"187\">Generic Dropper.aou<\/td>\n<td width=\"257\">W97M\/Downloader.bjp<\/td>\n<\/tr>\n<tr>\n<td width=\"187\">Trojan-FSGY!3C6009D4D7B2<\/td>\n<td width=\"257\">W97M\/MacroLess.y<\/td>\n<\/tr>\n<tr>\n<td width=\"187\">Trojan-FRVP!CEE70135CBB1<\/td>\n<td width=\"257\">Artemis!9FD35BAD075C<\/td>\n<\/tr>\n<tr>\n<td width=\"187\">W97M\/Downloader.cxu<\/td>\n<td width=\"257\">RDN\/Generic.dx<\/td>\n<\/tr>\n<tr>\n<td width=\"187\">Trojan-FRVP!63178C414AF9<\/td>\n<td width=\"257\">Artemis!0493F4062899<\/td>\n<\/tr>\n<tr>\n<td width=\"187\">Exploit-cve2017-0199.ch<\/td>\n<td width=\"257\">Artemis!25B37C971FD7<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<table width=\"440\">\n<tbody>\n<tr>\n<td colspan=\"2\" width=\"440\"><strong>McAfee Web Gateway Events<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"235\">Generic Trojan.dz<\/td>\n<td width=\"207\">W97M\/Downloader.cxz<\/td>\n<\/tr>\n<tr>\n<td width=\"235\">RDN\/Generic PWS.y<\/td>\n<td width=\"207\">BehavesLike.Downloader.dc<\/td>\n<\/tr>\n<tr>\n<td width=\"235\">Trojan-FRVP!2373982CDABA<\/td>\n<td 
width=\"207\">W97M\/MacroLess.y<\/td>\n<\/tr>\n<tr>\n<td width=\"235\">Trojan-FSGY!3C6009D4D7B2<\/td>\n<td width=\"207\">BehavesLike.Win32.Dropper.hc<\/td>\n<\/tr>\n<tr>\n<td width=\"235\">BehavesLike.Downloader.dc<\/td>\n<td width=\"207\">Artemis<\/td>\n<\/tr>\n<tr>\n<td width=\"235\">BehavesLike.Downloader.tc<\/td>\n<td width=\"207\"><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3>Summary<\/h3>\n<p>To defeat targeted threat campaigns, defenders must collaborate internally and externally to build an adaptive security architecture which will make it harder for threat actors to succeed and build resilience in the business. This blog highlights how to use McAfee\u2019s security solutions to prevent, detect and respond to Operation North Star and attackers using similar techniques.<\/p>\n<p>McAfee ATR is actively monitoring this campaign and will continue to update McAfee Insights and its social networking channels with new and current information. Want to stay ahead of the adversaries?
Check out <a href=\"https:\/\/www.mcafee.com\/enterprise\/en-us\/products\/mvision-insights.html\" target=\"_blank\" rel=\"noopener noreferrer\">McAfee Insights<\/a> for more information.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Building Adaptable Security Architecture Against the Operation North Star Campaign Operation North Star Overview Over the last few months, we&#8230;<\/p>\n","protected":false},"author":787,"featured_media":98318,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[],"coauthors":[4601,6303],"class_list":["post-103359","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-mcafee-labs"],"acf":[],"yoast_head_json":{"title":"McAfee Defender\u2019s Blog: Operation North Star Campaign | McAfee Blog","description":"Building Adaptable Security Architecture Against the Operation North Star Campaign Operation North Star Overview Over the last few months, we have seen","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"McAfee Defender\u2019s Blog: Operation North Star Campaign | McAfee Blog","og_description":"Building Adaptable Security Architecture Against the Operation North Star Campaign Operation North Star Overview Over the last few months, we have seen","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-defenders-blog-operation-north-star-campaign\/","og_site_name":"McAfee
Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2020-07-30T04:01:23+00:00","article_modified_time":"2025-04-01T02:56:41+00:00","og_image":[{"width":1920,"height":1280,"url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/01\/AdobeStock_223200320.jpeg","type":"image\/jpeg"}],"author":"Mo Cashman, Filippo Sitzia","twitter_card":"summary_large_image","twitter_creator":"@McAfee","twitter_site":"@McAfee","twitter_misc":{"Written by":"Mo Cashman, Filippo Sitzia","Est. reading time":"10 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-defenders-blog-operation-north-star-campaign\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-defenders-blog-operation-north-star-campaign\/"},"author":{"name":"Mo Cashman","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/c9878f38cb73f700507b2718693e0816"},"headline":"McAfee Defender\u2019s Blog: Operation North Star Campaign","datePublished":"2020-07-30T04:01:23+00:00","dateModified":"2025-04-01T02:56:41+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-defenders-blog-operation-north-star-campaign\/"},"wordCount":1931,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-defenders-blog-operation-north-star-campaign\/#primaryimage"},"thumbnailUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/01\/AdobeStock_223200320.jpeg","articleSection":["McAfee Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-defenders-blog-operation-north-star-campaign\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-defenders-blog-operation-north-star-campaign\/","name":"McAfee Defender\u2019s 
Blog: Operation North Star Campaign | McAfee Blog","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-defenders-blog-operation-north-star-campaign\/#primaryimage"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-defenders-blog-operation-north-star-campaign\/#primaryimage"},"thumbnailUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/01\/AdobeStock_223200320.jpeg","datePublished":"2020-07-30T04:01:23+00:00","dateModified":"2025-04-01T02:56:41+00:00","description":"Building Adaptable Security Architecture Against the Operation North Star Campaign Operation North Star Overview Over the last few months, we have seen","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-defenders-blog-operation-north-star-campaign\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-defenders-blog-operation-north-star-campaign\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-defenders-blog-operation-north-star-campaign\/#primaryimage","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/01\/AdobeStock_223200320.jpeg","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/01\/AdobeStock_223200320.jpeg","width":1920,"height":1280},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-defenders-blog-operation-north-star-campaign\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee 
Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"McAfee Defender\u2019s Blog: Operation North Star Campaign"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/c9878f38cb73f700507b2718693e0816","name":"Mo Cashman","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/e9035a01a4599145df1d1d64135a5bd9","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/08\/4-96x96.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/08\/4-96x96.png","caption":"Mo Cashman"},"description":"Mo Cashman is one of the company\u2019s passionate leaders in cyber security. 
As an Enterprise Security Architect and Principal Engineer at McAfee, Mo advises our largest global customers and partners on their cyber threat management and data protection strategies for the digital enterprise. Mo\u2019s passion is to inspire our next generation security professionals as well as help customers architect for future resilience. With that passion and over 20 years of experience, Mo leads our Security Architect and Executive Briefing Center programs in EMEA, where we host hundreds of customers each year. In previous roles at the company, Mo was the Chief Technical Strategist for the Global Public Sector and just prior to joining the company, led Computer Security Incident Response and Threat Intelligence Teams investigating and responding to sophisticated cyber threats across the world.","url":"https:\/\/www.mcafee.com\/blogs\/author\/mo-cashman\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/103359","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/787"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=103359"}],"version-history":[{"count":3,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/103359\/revisions"}],"predecessor-version":[{"id":211766,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/103359\/revisions\/211766"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media\/98318"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=103359"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=103359"},{"taxonomy":"post_ta
g","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=103359"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=103359"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}