Billington 2013 IceFog APT

IceFog APT research report announcement at the Billington 2013 conference.

Published in: Technology, Business

  1. Icefog the Cybermercenaries: Precision hit-and-run and the new supply chain superfund sites. Kurt Baumgartner, @k_sec, Principal Security Researcher, Kaspersky Lab
  2. Annual .gov, .com incidents
  3. APT Jumping Puddles
  4. 2013 Research Releases
  5. Patterns in the Activity? • Operational playbooks • Capability improvements and sharing • Hit-and-run cybermercenaries
  6. Icefog: A Tale of Cloak and Three Daggers • Mitigation information Effective defense Gov/CERT victim identification • Private report Exhaustive attacker and operational information *Icefog's C&C software was named "三尖刀", which means "three daggers" or "three knives"; it is also an ancient Chinese weapon.
  7. Icefog as CyberMercenaries • Agile, smaller crews assigned per "project" • Improved hit-and-run tactics for hire • Seemingly scattered target profiles
  8. Really, More Than Three Daggers • Target profiles reveal potential interests • Military, shipbuilding, satellite, mass media • Icefog Toolset • Microsoft Windows "Fucobha", Mac OS X "Macfog" • Exploits, lateral movement set, Java EoP • Simple XOR over HTTP exfiltration
  9. Present Threats to the Global Supply Chain
  10. Conclusions • Near intractable supply chain issues • Smaller, agile cyber-mercenary crews • Hit-and-run economic espionage and other risk • Public Icefog Report: http://www.securelist.com
  11. Thank You! Kurt Baumgartner, @k_sec, Principal Security Researcher, Kaspersky Lab
