Many of the most active APT actors from the last decade have faded into oblivion, either following high-profile public outings, or for reasons unknown, according to PwC cyber security partner Kris McConkey. Speaking at the recent Kaspersky Security Analyst Summit 2017, he said that others, in spite of public reporting, have remained active and have continued to operate quietly under the radar for years.
In this presentation, we take an in-depth look into one such group. Operating since 2009, the group was followed closely by the security community for years and received high-profile exposure in 2013, after which many assumed they had disbanded. A series of our incident response engagements in late 2016, however, suggests otherwise.
This talk is both technical, covering a series of malware families used by the threat actor and the results of a (currently in-progress) multi-vendor collaboration into their operations, and strategic, outlining the potential real-world rationale for their targeting.