Tag: apt
-
VB2019 paper: APT cases exploiting vulnerabilities in region-specific software
Software that is endemic to a specific country or region has long been a popular attack vector, in particular among APT groups, who have a history of exploiting vulnerabilities in such software. Past VB conference papers have analysed attacks against InPage, popular in Pakistan, and against Hangul, widely used in South Korea. Japan…
-
VB2019 paper: Cyber espionage in the Middle East: unravelling OSX.WindTail
The Middle East continues to be a hotbed of APT activity. The WindShift group is one of many APT groups active in the region. First described by Darkmatter’s Taha Karim in 2018, the group’s toolset includes malware for both Windows and macOS. Building on that research, Jamf’s Patrick Wardle analysed the WindTail…
-
VB2019 paper: Defeating APT10 compiler-level obfuscations
Obfuscation in malware has long frustrated analysis, and obfuscation at the compiler level, such as opaque predicates and control flow flattening, has been particularly challenging. One group that has been using this kind of obfuscation is APT10, an APT group made famous through a 2018 indictment by the US government in which two Chinese individuals…
-
VB2019 paper: Kimsuky group: tracking the king of the spear-phishing
In September 2013, Kaspersky reported a new APT group it dubbed ‘Kimsuky’, which it linked to North Korea. The group, whose interests include South Korean industry, journalists and North Korean defectors, continues to be active: recent activity was analysed by Yoroi earlier this month. Jaeki Kim, Kyoung-Ju Kwak and Min-Chang Jang from Financial Security…
-
VB2019 paper: A vine climbing over the Great Firewall: a long-term attack against China
The global nature of both the Virus Bulletin conference and APT threats was highlighted by a VB2019 paper from Lion Gu and Bowen Pan from the Qi An Xin Threat Intelligence Center in China. In their paper, the researchers analysed an APT group dubbed ‘Poison Vine’, which targeted various government, military and research institutes in…
-
VB2018 paper: Lazarus Group: a mahjong game played with different sets of tiles
The Lazarus Group, generally linked to the North Korean government, is one of the most notorious threat groups of recent years. It has engaged in digital espionage, destructive attacks and financially motivated attacks, and was probably the most discussed threat group at VB2018 in Montreal. One of the Lazarus-related papers at VB2018 was written by…
-
VB2018 paper: Draw me like one of your French APTs – expanding our descriptive palette for cyber threat actors
IT security research stumbled into the world of nation-state intelligence operations more or less by accident. In a now classic VB2015 paper, Juan Andres Guerrero-Saade discussed this shift from security research to intelligence brokerage and what this implied. Juan Andres has been a regular speaker at the VB conference since then, and has given…
-
VB2018 video: The Big Bang Theory by APT-C-23
The APT-C-23 group, which targets users in the Middle East and in particular in the State of Palestine, was named and first reported on by 360 in a Chinese language blog post in early 2013. Its campaigns have since been written about by many security vendors, including Palo Alto and Cisco Talos. Check Point…