South Korea Seems Chief Target of the ‘Operation Oceansalt’ Campaign

Korean-speaking people have become the target of first-stage implant that has been discovered recently. The first-stage implant functions by borrowing a code from other reconnaissance tool which is linked to the Comment Crew. This Comment Crew is the same Chinese nation-state threat actor which got exposed in the year 2013, in relation to the cyber espionage campaign hosted against United States of America.

Dubbed as 'Oceansalt', the threat was found in many machines of the United States, South Korea and Canada. However, South Korea seems to be the chief target of the 'Operation Oceansalt' campaign, as in the month of May five attacks waves against organizations of South Korea has been launched.

The data reconnaissance implant is used by the group, which has aroused interest of many of the researchers. When examined further, it was found that the source code of Chinese nation-state threat actor, Comment Crew is the base of this implant. This was posted on October 18, 2018, by zdnet.com.

The Chinese group has achieved instant infamy for successfully hacking above 100 companies of United States, and for exfiltration of hundreds of terabytes of data. Soon, the group vanished because of the fear of being exposed. Recently, after many years, researchers from McAfee security firm say that they have found that an APT1-associated malware based code is being cropping up again in new attacks.

It is not unusual practice lifting as well as repurposing the pieces of malware, particularly when those tools were available widely or open source. However, McAfee said that the APT1's source code was never made public, neither it wind up in the black market.

The implant has been able to delete and exfiltrate the files, as well as set up reverse shell giving complete control over affected computer. However, the goal of campaign is still not determined.

McAfee, however, has delayed announcing their findings, till the information got clearance from various law enforcement organizations, and till the information that indicates that the system has been hacked through the campaign has been made public. The impact of all these operations can be massive: Oceansalt campaign gives the attackers complete control of the system it manages to compromise and network connected to it.

» SPAMfighter News - 10/24/2018