Not-so Passive Sonar - Red October


  1. Red October: Tracking Active CyberSONAR in 2012
     Kurt Baumgartner, Senior Security Researcher, Global Research and Analysis Team
  2. Long-Running Cyber-surveillance Campaign
     Perspectives of Red October intelligence gathering:
     • Advanced Cyberespionage Network
     • Unique Architecture
     • Broad Target Variety
     • Exploit Scrubbing
     • Attacker Identifiers
  3. Advanced Cyberespionage Network
     "Your conclusions were all wrong, Ryan."
  4. Unique Architecture
     "Y'know, I seen me a mermaid once. I even seen me a shark eat an octopus."
     Over 1,000 related files collected
  5. Broad Target Variety
     Various diplomats, government agencies, geopolitical financial centers, and more
     Sources: 2012 KSN data + sinkhole activity
  6. Exploit Scrubbing
     Scrubbed CN-APT spear-phishing documents:
     • CVE-2012-0158
     • CVE-2010-3333
     • CVE-2009-3129
     Custom decoys; timely, relevant names
     Ongoing detection, AV evasion, Advanced Exploit Prevention
  7. Attacker Identifiers
     Classifying and locating:
     • Historical WHOIS
     • Compiled artifacts
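One of the "compiled artifacts" the slide refers to is the PE header's TimeDateStamp, which can be clustered into hour-of-day histograms to hint at an operator's working timezone, and checked against telemetry so that zeroed or forged stamps are not used as identifiers. The following is an added example, not code from the presentation or from Kaspersky; the PE header it parses is constructed in-code (not a Red October sample) and the `first_seen` values stand in for a KSN or sinkhole first-observed time.

```python
"""Extract and sanity-check PE compile timestamps (added example).

The 'compiled artifacts' used to cluster and locate an operator include the
COFF TimeDateStamp. The header built here is a constructed sample, not a
real file; first_seen values are assumed telemetry timestamps.
"""
import struct
from collections import Counter
from datetime import datetime, timezone
from typing import Iterable, Optional

PE_SIGNATURE = b"PE\x00\x00"


def build_sample_pe(timestamp: int, machine: int = 0x014C) -> bytes:
    """Build a minimal DOS stub + PE signature + COFF header (constructed sample).

    Only the fields a timestamp parser touches are populated; the result is
    not a loadable executable.
    """
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    dos[0x3C:0x40] = struct.pack("<I", e_lfanew)  # e_lfanew: offset of 'PE\0\0'
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", machine, 1, timestamp, 0, 0, 0xE0, 0x0102)
    return bytes(dos) + PE_SIGNATURE + coff


def compile_timestamp(pe: bytes) -> int:
    """Return the raw COFF TimeDateStamp (seconds since 1970-01-01 UTC)."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        raise ValueError("not a PE file: bad PE signature")
    # TimeDateStamp follows the 4-byte signature, Machine (2) and NumberOfSections (2)
    (stamp,) = struct.unpack_from("<I", pe, e_lfanew + 8)
    return stamp


def assess_timestamp(stamp: int, first_seen: Optional[int] = None) -> dict:
    """Classify a compile timestamp against telemetry (assumed KSN/sinkhole first-seen).

    Attackers zero or forge this field, so a value is only useful as an
    identifier when it is non-zero and not later than the sample was first observed.
    """
    if stamp == 0:
        return {"stamp": 0, "status": "zeroed", "utc": None,
                "hour_utc": None, "weekday": None}
    dt = datetime.fromtimestamp(stamp, tz=timezone.utc)
    status = "plausible"
    if dt.year < 1995:
        status = "implausible-old"
    elif first_seen is not None and stamp > first_seen:
        status = "future"  # "compiled" after it was observed: timestomped
    return {"stamp": stamp, "status": status, "utc": dt.isoformat(),
            "hour_utc": dt.hour, "weekday": dt.strftime("%A")}


def working_hours(stamps: Iterable[int]) -> Counter:
    """Histogram of UTC compile hours over plausible stamps.

    The peak of the histogram across a family's samples hints at the
    operator's local working day and therefore timezone.
    """
    hours = Counter()
    for s in stamps:
        info = assess_timestamp(s)
        if info["status"] == "plausible":
            hours[info["hour_utc"]] += 1
    return hours


if __name__ == "__main__":
    sample = build_sample_pe(1325424600)  # 2012-01-01 13:30:00 UTC, constructed
    ts = compile_timestamp(sample)
    print(assess_timestamp(ts, first_seen=1325500000))
    print(working_hours([ts, ts + 3600, 0]))
```

Run against a real corpus, the same functions would be fed the bytes of each collected file and the first-seen time from telemetry; only stamps classified "plausible" should feed the working-hours histogram, since zeroed and future-dated stamps say more about the attacker's tooling than about their location.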
  8. Thank You
     Questions, comments, criticism?
     Kurt Baumgartner, Senior Security Researcher, Global Research and Analysis Team
     kurt.baumgartner@kaspersky.com
