McAfee researchers found more evidence linking ‘Sharpshooter’ to North Korea’s Lazarus threat actor. They analyzed code from a command and control (C2) server used in the global cyber-espionage campaign. The assessment was possible with the help of a government entity and revealed that the operation is broader in scope, more complex and older than initially thought. A log file on the server indicates that the C2 framework has been active since at least September 2017, and probably “hosted on different servers over time”””
Source: https://www.bleepingcomputer.com/news/security/op-sharpshooter-connected-to-north-koreas-lazarus-group/