Critical industries in the United States and abroad have been targeted recently by a cyber-espionage campaign waged with computer code previously traced to the Chinese military, but security researchers analyzing the latest activity are skeptical of solely blaming the same state-sponsored hacking group as before.
Computer code deployed more than a decade ago during attacks attributed to Comment Crew, a suspected Chinese government hacking group, has been reused in efforts waged against targets in the U.S., Canada and South Korea as recently as August, researchers at McAfee, a Silicon Valley-based cybersecurity firm, said in a report Thursday.
Also known by names including APT1 and PLA Unit 61398, Comment Crew hackers were previously accused of targeting more than 140 U.S. companies between 2006 and 2010, including Coca-Cola and Halliburton, and the Obama administration brought criminal charges against five of the group’s alleged members prior to the U.S. reaching a supposed cyber pact with China in 2015.
Malware known as “Seasalt” last seen during a Comment Crew campaign conducted in 2010 was reused in recent attacks waged against targets in the the U.S. government, financial and healthcare industries, among others, McAfee’s researchers reported.
Seasalt’s source code was never publicly released, however, raising questions about the origin of the newest strain, dubbed “Oceansalt,” the report noted.
It is “unlikely” Comment Crew has reemerged, McAfee concluded, but rather that the original code was shared with another group through some sort of mutual arrangement, leaked privately by a rogue Comment Crew hacker or repurposed as part of a “false flag” operation that makes it appear that the latest attacks are the product of a partnership between China and North Korea.
“Our research shows that Comment Crew’s malware in part lives on in different forms employed by another advanced persistent threat group operating primarily against South Korea,” the report concluded. “This research represents how threat actors including nation-states might collaborate on their campaigns.”
Hackers utilizing Oceansalt waged operations between Aug. 10 and 14 against U.S. targets involved in the agricultural, financial, government, healthcare, industrial sectors, according to McAfee. The company subsequently contacted law enforcement and potentially compromised targets around five weeks ago, Raj Samani, McAfee’s chief scientist, said at a press conference Thursday, IT World Canada reported.
• Andrew Blake can be reached at ablake@washingtontimes.com.
Please read our comment policy before commenting.