Tuesday March 19, 2019
Home Lead Story McAfee Discov...

McAfee Discovers Cyber-spy Campaign Using Code From Chinese Group

As for implications and impact, these attacks may be a precursor to a much larger attack given the control the attackers have over their infected victims, McAfee said

0
//
McAfee
Sensitive data in Cloud more exposed than organisations think: McAfee. IANS

Global cybersecurity firm McAfee on Thursday said it discovered a new cyber espionage campaign which reused source code from the hacker group APT1, or Comment Crew, a Chinese military-affiliated group accused of launching cyber-attacks on more than 141 US companies from 2006 to 2010.

The new campaign, dubbed Operation Oceansalt, is targeting South Korea, Canada and the US, McAfee said in a report released in its cybersecurity summit “MPOWER 2018” here.

The actors of this new campaign have not been identified.

However, the report suggests that the development of the Oceansalt implant would not have been possible unless the actors behind it had direct access to Comment Crew’s 2010 Seasalt source code.

“This research represents how threat actors are continuously learning from each other and building upon their peers’ greatest innovations,” Raj Samani, Chief Scientist at McAfee, said in a statement.

McAfee found that Oceansalt was launched in five attack “waves” adapted to its targets.

Logo of McAfee
Logo of McAfee, flickr

The first and second waves of the attack were spearfishing based and began with a malicious Korean-language Microsoft Excel document created and saved in May 2018, acting as downloaders of the implant.

A third round of malicious documents, this time in Microsoft Word, carried the same metadata and author as the Excel documents.

The Word document contained fake information related to the financials of the Inter-Korean Cooperation Fund. Waves four and five identified a small number of targets outside of South Korea – including the US and Canada – as the attackers expanded their scope.

Also Read- Latest Football Results At 777score

As for implications and impact, these attacks may be a precursor to a much larger attack given the control the attackers have over their infected victims, McAfee said.

Oceansalt gives the attackers full control of any system they manage to compromise and the network to which it is connected. Given the potential collaboration with other threat actors, considerably more assets are open and available to act upon, the report said. (IANS)

Next Story

North Korean-backed ‘Sharpshooter’ Cyber Attacks Still on, Says McAfee Report

Previous attacks focused on telecommunications, government and financial sectors, primarily in the US, Switzerland, Israel and others

0
Logo of McAfee
Logo of McAfee, flickr

A global cyber espionage campaign, known as Operation Sharpshooter, started a year earlier than previously thought and is still ongoing, say security researchers, adding that a group linked to North Korea could be behind the campaign.

The findings were revealed after researchers at US-headquartered global cybersecurity firm McAfee got a rare opportunity to examine the code and data from a command-and-control server responsible for the management of the operations, tools and tradecraft behind this global cyber espionage campaign.

McAfee on Sunday said the command-and-control server code was provided by a government entity.

“Access to the adversary’s command-and-control server code is a rare opportunity. These systems provide insights into the inner workings of cyberattack infrastructure, are typically seized by law enforcement, and only rarely made available to private sector researchers,” Christiaan Beek, McAfee Senior Principal Engineer and Lead Scientist, said in a statement.

McAfee first uncovered Operation Sharpshooter in December 2018.

cyberattack
Image source: wordpress.com

The new analysis suggests that the campaign began as early as September 2017 — approximately a year earlier than previously evidenced — and is still ongoing.

Analysis of the new evidence has exposed striking similarities between the techniques used in the Sharpshooter attacks and aspects of multiple other groups of attacks attributed by the industry to the Lazarus Group, McAfee said.

The Lazarus Group is linked to North Korea which was blamed for the 2016 Sony hack and the WannaCry ransomware outbreak in 2017 among other attacks on global businesses.

Also Read- ISRO Launches ‘Young Scientist’ Programme to Train Students in Space Science

The Sharpshooter attacks appear to now focus primarily on financial services, government and critical infrastructure,McAfee said, adding that the largest number of recent attacks primarily target Germany, Turkey, Britain and the US.

Previous attacks focused on telecommunications, government and financial sectors, primarily in the US, Switzerland, Israel and others, it added. (IANS)