The Mysterious Return of Years-Old Chinese Malware

posted on October 18, 2018
by l33tdawg
Wired
Credit: Wired

In 2013, cybersecurity firm Mandiant published a blockbuster report on a state-sponsored hacking team known as APT1, or Comment Crew. The Chinese group achieved instant infamy, tied to the successful hacks of more than 100 US companies and the exfiltration of hundreds of terabytes of data. They also vanished in the wake of being exposed. Now, years later, researchers from security firm McAfee say they’ve found code based on APT1-associated malware cropping up in a new set of attacks.

Specifically, McAfee has found malware that reuses a portion of the code found in an implant called Seasalt, which APT1 introduced sometime around 2010. Lifting and repurposing pieces of malware is not an unusual practice, especially when those tools are widely available or open source. Look no further than the rash of attacks based on EternalBlue, the leaked NSA tool. But source code used by APT1, McAfee says, never became public, nor did it wind up on the black market. Which makes its reappearance something of a mystery.

“When we picked up the samples and we found code reuse for Comment Crew,” says McAfee chief scientist Raj Samani, “all of a sudden it was like an ‘oh shit’ moment.”

Tags: Viruses & Malware, China
