Operation Sharpshooter and the Lazarus Group.
McAfee revealed Sunday that Operation Sharpshooter, a cyber-reconnaissance campaign discovered in December, is likely linked to North Korea's Lazarus Group. An unnamed government entity gave the researchers access to one of the command-and-control servers used to manage the campaign. The server showed that the ongoing campaign was "more extensive in complexity, scope, and duration of operations" than they initially thought. McAfee researchers told the New York Times that they saw the group launch attacks against more than a hundred companies, with recent attacks focusing on financial services, government, and critical infrastructure targets in Germany, Turkey, the United Kingdom, and the United States. The majority of the attacks were directed at the US, and the top targets were Houston and New York City. The Times says that many of the attacks were "aimed at engineers and executives who had broad access to their companies' computer networks and intellectual property."
The researchers had originally refrained from using code overlap to link Operation Sharpshooter to the North Korean group, because the technical links were so obvious that they suggested a potential false flag. Their access to the server, however, allowed them to observe "striking similarities" with multiple other DPRK attacks, and so they're now willing to call out the Lazarus Group.