Oceansalt cyberattack wave linked to defunct Chinese APT Comment Crew


A fresh wave of cyberattacks striking the US, South Korea, and Canada has been connected to an APT group with ties to the Chinese military.

On Thursday, cybersecurity researchers from McAfee’s Advanced Threat Research team said they have discovered a new campaign which focuses on cyberespionage and data reconnaissance.

South Korea appears to be the primary target of the campaign, dubbed “Operation Oceansalt,” with five attack waves launched in May against organizations in the country.

The group uses a data reconnaissance implant which became of serious interest to the researchers. Upon further examination, it was discovered that the implant is based on the source code of Comment Crew.

Read more…
Source: ZDNet