Security Market Segment LS
Thursday, 18 October 2018 11:05

Old 'Chinese' malware reappears in new campaign

Old 'Chinese' malware reappears in new campaign Image courtesy of Stuart Miles at

Security vendor McAfee has detected the re-use of code associated with Chinese military affiliated hacker group APT1, aka Comment Crew.

The re-use of an implant associated with APT1 is "a significant finding", according to McAfee fellow and chief scientist Raj Samani.

The new campaign — which began in May — has been dubbed Operation Oceansalt by McAfee, reflecting its use of code previously seen in 2010's Operation Seasalt. As far as McAfee has been able to determine, there are no indications that the Seasalt code became public.

Oceansalt initially targeted the South Korean higher education sector, and involved a macro in a document showing "a strong command of the Korean language".

It subsequently extended to public infrastructure organisations in South Korea, and later circulated fake information about the Inter-Korean Co-operation Fund.

The documents were distributed from compromised South Korean sites.

Later waves targeted a small number of organisations in other parts of the world, including the US and Canada.

"Is China back? We don't do attribution," said Samani.

He outlined three possibilities: a code-sharing agreement between two nation states, an actor obtaining the source code from someone associated with APT1, or a "false flag" operation intended to suggest collaboration between China and North Korea.

The implant is able to exfiltrate and delete files, and set up a reverse shell giving full control over the affected computer, among other functions. But Samani said it had not been possible to determine the goal of the campaign.

He added that McAfee had delayed announcing its findings until the information had been cleared by relevant law enforcement organisations, and that the indicators that a system has been compromised by the campaign are being made public.

The writer attended McAfee's Mpower Cyberecurity Summit as a guest of the company.


26-27 February 2020 | Hilton Brisbane

Connecting the region’s leading data analytics professionals to drive and inspire your future strategy

Leading the data analytics division has never been easy, but now the challenge is on to remain ahead of the competition and reap the massive rewards as a strategic executive.

Do you want to leverage data governance as an enabler?Are you working at driving AI/ML implementation?

Want to stay abreast of data privacy and AI ethics requirements? Are you working hard to push predictive analytics to the limits?

With so much to keep on top of in such a rapidly changing technology space, collaboration is key to success. You don't need to struggle alone, network and share your struggles as well as your tips for success at CDAO Brisbane.

Discover how your peers have tackled the very same issues you face daily. Network with over 140 of your peers and hear from the leading professionals in your industry. Leverage this community of data and analytics enthusiasts to advance your strategy to the next level.

Download the Agenda to find out more


Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.



Recent Comments