Introduction to targeted attacks

1. Targeted Attacks
Presented by :-
Ashwin Vamshi (@ashwin_vamshi)
Rahul Choudhary (@r3dinf0)

2. Data shown in this presentation has been collected from
various sources. Our intention is to use the collected
information for knowledge sharing/awareness purpose
only.

3. A targeted attack refers to a type of
threat in which threat actors actively
pursue and compromise a target entity's
infrastructure while maintaining
anonymity.

4. Source: http://www.swirlingovercoffee.com/wp-content/uploads/2014/05/Advanced-Persistent-Threat.png

5. Early Days …

9. When is an attack considered a
targeted attack?
• When attackers have a specific target in mind
• The main aim of the targeted attack is
to infiltrate the target’s network
and steal information from their servers
• The attack is persistent, with the attackers expending
considerable effort to ensure the attack continues
beyond the initial network penetration and
infiltration of data.

10. Motives for targeted attacks :-
Information theft
Espionage
Sabotage

11. Offensive/Defensive Purpose ??

12. Key Players !!!

13. Tools used in Targeted Attacks …

14. Some more T00ls …
Rubber ducky
Plug Bot
Raspberry Pi

15. Targeting an individual
or
An Organization
Financial Sector
Telecom Sector
Healthcare Sector
Industrial control systems
CEO / CFO / Board Members

16. :: Targeted Attack CASE STUDY ::
Video Demo (Trend micro)
Source: https://www.youtube.com/watch?v=0hs8rc2u5ak

17. Stages of targeted attack
Source: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-cybercriminals-
use-what-works.pdf

18. Stages of targeted attack
Source:
http://www.slideshare.net/Sh1n0g1/shinob
ot-suite?next_slideshow=1

19. Methodology
• Information gathering from various sources
(i.e. social media sites, developer sites)
• Target behavioral analysis (what are
interests?? .. News, Finance, Politics, Business)
• Social engineering tactics
• Crafted attack
• Lots of “PATIENCE” !!!!

20. Examples !!

21. !! Cybercrime Operation !!
!! Targeted Attacks !!
!! Advance Persistent Threats !!
Are all these same ??

22. Case Study :-
https://www.bluecoat.com/security-blog/2015-08-21/tinted-cve-decoy-spearphising-
attempt-central-bank-armenia-employees

23. Case Study :
The cybercriminals gathered the email
addresses of about 20 employees and sent
them emails with malicious PDF/Macro
enabled files attached. If a recipient opened
the file using Adobe Reader or enable the
macro of Microsoft office document (i.e. xls,
doc, ppt), the exploit code embedded in the
document downloaded a Trojan and resulted
into “System Compromise”.

24. Deceive and Infect
• Targeted emails and documents
• Just click the shortcut: the rar/lnk trick
• Right-to-left extension override trick
• Social Networking tricks

25. Click & Rar Technique

26. Right-to-left extension override trick

27. CASE STUDY :: Targeting a power company
http://www.techinsider.io/red-team-
security-hacking-power-company-2016-4
Worth Watching 
Good Movies : BlackHat 2015
(http://www.dailymotion.com/video/x2qjgqc)
Episode Series : Mr. Robots

28. References :-
APT Archive :
https://github.com/kbandla/APTnotes
Example of a multistage attack :
https://www.virustotal.com/en/ip-address/61.137.223.48/information/
Shadow Force : http://blog.trendmicro.com/trendlabs-security-
intelligence/shadow-force-uses-dll-hijacking-targets-south-korean-
company/
ShinoBot :http://www.slideshare.net/Sh1n0g1/introduction-of-shinobot-
black-hat-usa-2013-arsenal

29. Q
&
A