Researchers have spotted the first stage of a new advanced persistent threat (APT) campaign targeting mainly South Korean victims and borrowing code from the notorious Chinese hacking group Comment Crew.
Operation Oceansalt marks the first time white hats have seen code associated with the group, also known as APT1, since it was outed in 2013. Crucially, that code was never made public, according to McAfee.
The campaign uses spear-phishing tactics to deliver booby-trapped Office documents to several targets: those with knowledge of South Korean public infrastructure projects and their expenses; the Seoul-backed Inter-Korean Cooperation Fund; and various targets in the US and Canada in a variety of sectors including healthcare, telecoms and agriculture.
By Phil Muncaster