A new campaign dubbed ‘Operation Oceansalt’ has been spotted targeting victims in South Korea, U.S., and Canada.
The McAfee Advanced Threat Research team released the findings in a new report “Operation Oceansalt Attacks South Korea, U.S., and Canada with Source Code from Chinese Hacker Group.” According to McAfee, the threat that was launched in “five distinct waves adapted to their separate targets.”
McAfee said the new campaign could be linked to hacker group APT1, or Comment Crew, which was a Chinese military-linked threat actor that conducted offensive cyber operations against U.S. targets going back 10 years.
“The Oceansalt malware uses large parts of code from the Seasalt implant, which was linked to the Chinese hacking group Comment Crew,” McAfee said in the blog post.
Although the possible suspect is Comment Crew, McAfee said there is a possibility the code could have been used by an adversary.
Alternatively, McAfee also said the activity could be a “false flag” operation that suggests the re-emergence of Comment Crew as well.