Oceansalt cyberattack wave linked to defunct Chinese APT Comment Crew

Cybersecurity researchers from McAfee’s Advanced Threat Research team have discovered a new campaign which focuses on cyberespionage and data reconnaissance. South Korea appears to be the primary target of the campaign, dubbed “Operation Oceansalt,” with five attack waves launched in May against organizations in the country.

The group uses a data reconnaissance implant which became of serious interest to the researchers. Upon further examination, it was discovered that the implant is based on the source code of Comment Crew. Also known as APT1, Comment Crew is an advanced persistent threat (APT) group with links to the Chinese military.

Read more about the newly discovered attack campaign on ZDNet.