Security Market Segment LS
Thursday, 18 October 2018 11:05

Old 'Chinese' malware reappears in new campaign

By
Old 'Chinese' malware reappears in new campaign Image courtesy of Stuart Miles at FreeDigitalPhotos.net

Security vendor McAfee has detected the re-use of code associated with Chinese military affiliated hacker group APT1, aka Comment Crew.

The re-use of an implant associated with APT1 is "a significant finding", according to McAfee fellow and chief scientist Raj Samani.

The new campaign — which began in May — has been dubbed Operation Oceansalt by McAfee, reflecting its use of code previously seen in 2010's Operation Seasalt. As far as McAfee has been able to determine, there are no indications that the Seasalt code became public.

Oceansalt initially targeted the South Korean higher education sector, and involved a macro in a document showing "a strong command of the Korean language".

It subsequently extended to public infrastructure organisations in South Korea, and later circulated fake information about the Inter-Korean Co-operation Fund.

The documents were distributed from compromised South Korean sites.

Later waves targeted a small number of organisations in other parts of the world, including the US and Canada.

"Is China back? We don't do attribution," said Samani.

He outlined three possibilities: a code-sharing agreement between two nation states, an actor obtaining the source code from someone associated with APT1, or a "false flag" operation intended to suggest collaboration between China and North Korea.

The implant is able to exfiltrate and delete files, and set up a reverse shell giving full control over the affected computer, among other functions. But Samani said it had not been possible to determine the goal of the campaign.

He added that McAfee had delayed announcing its findings until the information had been cleared by relevant law enforcement organisations, and that the indicators that a system has been compromised by the campaign are being made public.

The writer attended McAfee's Mpower Cyberecurity Summit as a guest of the company.

BUSINESS WORKS BETTER WITH WINDOWS 1O. MAKE THE SHIFT

You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer

Timezones

QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.

REGISTER!

ADVERTISE ON ITWIRE NEWS SITE & NEWSLETTER

iTWire can help you promote your company, services, and products.

Get more LEADS & MORE SALES

Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]

OR CLICK HERE!

Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments