Not-so Passive Sonar - Red October

Published in: Technology
Transcript

  • 1. Red October Tracking Active CyberSONAR in 2012. Kurt Baumgartner, Senior Security Researcher, Global Research and Analysis Team
  • 2. Long-Running Cyber-surveillance Campaign. Perspectives of Red October intelligence gathering: Advanced Cyberespionage Network; Unique Architecture; Broad Target Variety; Exploit Scrubbing; Attacker Identifiers
  • 3. Advanced Cyberespionage Network. "Your conclusions were all wrong, Ryan"
  • 4. Unique Architecture. "Y'know, I seen me a mermaid once. I even seen me a shark eat an octopus." Over 1,000 related files collected
  • 5. Broad Target Variety. Various diplomats, government agencies, geopolitical financial centers, and more. Sources: 2012 KSN Data + Sinkhole activity
  • 6. Exploit Scrubbing. Scrubbed CN-APT spear: CVE-2012-0158, CVE-2010-3333, CVE-2009-3129. Custom decoys. Timely, relevant names. Ongoing detection, AV-evasion, Advanced Exploit Prevention
  • 7. Attacker Identifiers. Classifying and locating. Historical WHOIS. Compiled Artifacts
  • 8. Thank You. Questions, comments, criticism? Kurt Baumgartner, Senior Security Researcher, Global Research and Analysis Team, kurt.baumgartner@kaspersky.com
