Hackers infiltrated dozens of companies around the world with advanced malicious software that extracted information from their systems, according to McAfee.
Research released by the cybersecurity firm on Wednesday showed that the infiltration campaign — called "Operation Sharpshooter" — targeted defense and government organizations.
The report said that between October and November, the cybercriminals targeted individuals at 87 companies using social media, sending them messages disguised as recruitment campaigns to get them to open a malicious document.
Once opened, another program called "Rising Sun" was installed, opening a "backdoor" portal that gave hackers the ability to extract intelligence and send it on to a control server. Attackers gained access to usernames, IP addresses, network configuration and system settings data.
"We know that this campaign was intended to conduct espionage, indeed it was only recently launched. The question of the ultimate purpose remains to be seen," Raj Samani, chief scientist and fellow at McAfee, told CNBC via email on Wednesday.
"In many cases such attacks are a precursor for something else, however we are hopeful that identifying and sharing the details will prevent the true nature of the campaign from being carried out."
It appears the attack could be linked to the Lazarus Group, a cybercrime collective that has been associated with North Korea by various cybersecurity firms, because it drew from the source code of a hack that targeted South Korean firms in 2015. However, McAfee researchers said it appeared "too obvious" to conclude that Lazarus was responsible, adding the attack could be a "false flag" aimed at diverting attention toward the notorious organization.
"The original malicious documents were hosted in the U.S.," Samani said. "In terms of attribution, certainly there are similarities with tactics and code previously attributed to the Lazarus Group, however we are conscious that this may be an intentional tactic to make it appear so."