The Cyber Wire – McAfee researchers report finding a hitherto unremarked “data reconnaissance implant” that’s targeting Korean speakers. They’re calling it “Oceansalt,” an homage to the earlier Seasalt implant that the old Chinese Comment Crew used back in 2010. Indeed, Oceansalt reuses code from Seasalt. The Comment Crew, also known as APT1, is thought to have gone dormant since its exposure in 2013, but a copycat seems to be back. Operations are thought to be closely targeted, with implants distributed via two compromised sites based in South Korea, and to be prospecting targets in Canada and the US as well as in the Republic of Korea.
Facebook has concluded that the breach it recently sustained was the work of criminal spammers, and not a nation-state’s intelligence service.
