Tuesday December 18, 2018
McAfee Discovers Cyber-spy Campaign Using Code From Chinese Group

As for implications and impact, these attacks may be a precursor to a much larger attack given the control the attackers have over their infected victims, McAfee said

Global cybersecurity firm McAfee on Thursday said it discovered a new cyber espionage campaign which reused source code from the hacker group APT1, or Comment Crew, a Chinese military-affiliated group accused of launching cyber-attacks on more than 141 US companies from 2006 to 2010.

The new campaign, dubbed Operation Oceansalt, is targeting South Korea, Canada and the US, McAfee said in a report released at its cybersecurity summit “MPOWER 2018” here.

The actors of this new campaign have not been identified.

However, the report suggests that the development of the Oceansalt implant would not have been possible unless the actors behind it had direct access to Comment Crew’s 2010 Seasalt source code.

“This research represents how threat actors are continuously learning from each other and building upon their peers’ greatest innovations,” Raj Samani, Chief Scientist at McAfee, said in a statement.

McAfee found that Oceansalt was launched in five attack “waves” adapted to its targets.

The first and second waves of the attack were spear-phishing based and began with a malicious Korean-language Microsoft Excel document, created and saved in May 2018, that acted as a downloader of the implant.

A third round of malicious documents, this time in Microsoft Word, carried the same metadata and author as the Excel documents.

The Word document contained fake information related to the financials of the Inter-Korean Cooperation Fund. Waves four and five identified a small number of targets outside of South Korea – including the US and Canada – as the attackers expanded their scope.

As for implications and impact, these attacks may be a precursor to a much larger attack given the control the attackers have over their infected victims, McAfee said.

Oceansalt gives the attackers full control of any system they manage to compromise and the network to which it is connected. Given the potential collaboration with other threat actors, considerably more assets are open and available to act upon, the report said. (IANS)

McAfee Reports Exposure of Sensitive Data in Cloud More Than Organisations Think

According to the report, threat events in the Cloud (compromised account, privileged user and insider threats) have increased 27.7 per cent (YoY), with threats in Microsoft Office365 growing by 63 per cent (YoY)

Sharing sensitive data in the Cloud has increased exponentially and nearly a quarter of the data can be categorized as sensitive, putting an organisation at risk if stolen or leaked, a McAfee report revealed on Tuesday.

Twenty-one per cent of all files in the Cloud contain sensitive data, demonstrating a steady increase year-over-year (YoY), said the “Cloud Adoption and Risk Report” by the cyber security company.

“Coupled with the fact that sharing sensitive data in the cloud has increased 53 per cent (YoY), those who do not adopt a cloud strategy that includes data loss protection, configuration audits and collaboration controls, will endanger the security of their most valuable asset – data,” the report warned.

“Operating in the Cloud has become the new normal for organisations, so much so that our employees do not think twice about storing and sharing sensitive data in the Cloud,” said Rajiv Gupta, Senior Vice President of the Cloud Security Business, McAfee.

The sharing of sensitive data with an open, publicly accessible link has increased 23 per cent (YoY), and organisations have more than 2,200 individual misconfiguration incidents per month in their Public Cloud infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) instances.

According to the report, threat events in the Cloud (compromised account, privileged user and insider threats) have increased 27.7 per cent (YoY), with threats in Microsoft Office365 growing by 63 per cent (YoY).

“In order to continue to accelerate their business, organisations need a cloud-native and frictionless way to consistently protect their data and defend from threats across the spectrum of SaaS, IaaS and PaaS,” Gupta added.

To secure sensitive data in cloud storage, file-sharing and collaboration applications, organisations must first understand which Cloud services are in use, which hold their sensitive data, and how that data is being shared and with whom.

“Once organisations have gained this visibility, they can then enforce appropriate security policies to prohibit highly sensitive data from being stored in unapproved cloud services,” said the report. (IANS)