Security Market Segment LS
Thursday, 18 October 2018 11:05

Old 'Chinese' malware reappears in new campaign

By
Old 'Chinese' malware reappears in new campaign Image courtesy of Stuart Miles at FreeDigitalPhotos.net

Security vendor McAfee has detected the re-use of code associated with Chinese military affiliated hacker group APT1, aka Comment Crew.

The re-use of an implant associated with APT1 is "a significant finding", according to McAfee fellow and chief scientist Raj Samani.

The new campaign — which began in May — has been dubbed Operation Oceansalt by McAfee, reflecting its use of code previously seen in 2010's Operation Seasalt. As far as McAfee has been able to determine, there are no indications that the Seasalt code became public.

Oceansalt initially targeted the South Korean higher education sector, and involved a macro in a document showing "a strong command of the Korean language".

It subsequently extended to public infrastructure organisations in South Korea, and later circulated fake information about the Inter-Korean Co-operation Fund.

The documents were distributed from compromised South Korean sites.

Later waves targeted a small number of organisations in other parts of the world, including the US and Canada.

"Is China back? We don't do attribution," said Samani.

He outlined three possibilities: a code-sharing agreement between two nation states, an actor obtaining the source code from someone associated with APT1, or a "false flag" operation intended to suggest collaboration between China and North Korea.

The implant is able to exfiltrate and delete files, and set up a reverse shell giving full control over the affected computer, among other functions. But Samani said it had not been possible to determine the goal of the campaign.

He added that McAfee had delayed announcing its findings until the information had been cleared by relevant law enforcement organisations, and that the indicators that a system has been compromised by the campaign are being made public.

The writer attended McAfee's Mpower Cyberecurity Summit as a guest of the company.

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has high potential to be exposed to risk.

It only takes one awry email to expose an accounts payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 steps to improve your Business Cyber Security’ you will learn some simple steps you should be taking to prevent devastating malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you will learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

ADVERTISE ON ITWIRE NEWS SITE & NEWSLETTER

iTWire can help you promote your company, services, and products.

Get more LEADS & MORE SALES

Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]

OR CLICK HERE!

Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments