2. Data shown in this presentation has been collected from various sources. Our intention is to use the collected information for knowledge-sharing and awareness purposes only.
3. A targeted attack refers to a type of threat in which threat actors actively pursue and compromise a target entity's infrastructure while maintaining anonymity.
9. When is an attack considered a targeted attack?
• When attackers have a specific target in mind
• The main aim of the targeted attack is to infiltrate the target’s network and steal information from their servers
• The attack is persistent, with the attackers expending considerable effort to ensure the attack continues beyond the initial network penetration and infiltration of data.
15. Targeting an individual or an organization
• Financial Sector
• Telecom Sector
• Healthcare Sector
• Industrial control systems
• CEO / CFO / Board Members
16. :: Targeted Attack CASE STUDY ::
Video Demo (Trend Micro)
Source: https://www.youtube.com/watch?v=0hs8rc2u5ak
17. Stages of targeted attack
Source: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-cybercriminals-use-what-works.pdf
18. Stages of targeted attack
Source: http://www.slideshare.net/Sh1n0g1/shinobot-suite?next_slideshow=1
19. Methodology
• Information gathering from various sources (e.g. social media sites, developer sites)
• Target behavioral analysis (what are the target's interests? News, finance, politics, business)
• Social engineering tactics
• Crafted attack
• Lots of “PATIENCE” !!!!
23. Case Study:
The cybercriminals gathered the email addresses of about 20 employees and sent them emails with malicious PDF or macro-enabled files attached. If a recipient opened the file using Adobe Reader, or enabled macros in the Microsoft Office document (e.g. xls, doc, ppt), the exploit code embedded in the document downloaded a Trojan and resulted in “System Compromise”.
24. Deceive and Infect
• Targeted emails and documents
• Just click the shortcut: the rar/lnk trick
• Right-to-left extension override trick
• Social Networking tricks
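A defender-side check for the file-name tricks listed above, as an added example that is not part of the original slides: it flags attachment or archive-member names that use a right-to-left override, a .lnk shortcut, a macro-enabled Office extension or a decoy double extension. The extension lists and the sample names are assumptions constructed for illustration.

```python
import unicodedata

# Bidirectional control characters that can visually reorder a file name.
BIDI_CONTROLS = {"\u202a", "\u202b", "\u202d", "\u202e", "\u2066", "\u2067", "\u2068"}
# Assumed policy lists for this example; tune them to your own mail gateway.
SHORTCUT_EXTS = {"lnk"}
MACRO_EXTS = {"docm", "xlsm", "pptm", "dotm", "xlsb"}
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "js", "vbs", "hta"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "jpg"}


def check_attachment_name(name):
    """Return a sorted list of findings for one attachment or archive-member name."""
    findings = set()
    if any(ch in BIDI_CONTROLS for ch in name):
        findings.add("bidi-override")
    # Drop invisible format characters (category Cf) to get the stored order,
    # which is what the operating system uses to pick the handler.
    logical = "".join(ch for ch in name if unicodedata.category(ch) != "Cf")
    parts = logical.lower().rstrip(". ").split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if ext in SHORTCUT_EXTS:
        findings.add("shortcut-file")
    if ext in MACRO_EXTS:
        findings.add("macro-enabled-document")
    if ext in EXECUTABLE_EXTS:
        findings.add("executable")
    # A document-looking extension followed by a launchable one is a decoy name.
    if (len(parts) > 2 and parts[-2].strip() in DECOY_EXTS
            and ext in EXECUTABLE_EXTS | SHORTCUT_EXTS):
        findings.add("double-extension")
    return sorted(findings)


# Constructed sample names (not taken from any real incident).
SAMPLES = [
    "invoice_\u202efdp.exe",   # renders as "invoice_exe.pdf" in many file views
    "report.pdf.lnk",          # shortcut packed in an archive, posing as a PDF
    "budget.xlsm",             # macro-enabled workbook
    "minutes.pdf",             # nothing suspicious in the name itself
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), check_attachment_name(sample))
```

Legacy .doc, .xls and .ppt files can also carry macros, which a name check cannot see; those need content inspection at the gateway.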
27. CASE STUDY :: Targeting a power company
http://www.techinsider.io/red-team-security-hacking-power-company-2016-4
Worth Watching
Good Movies : Blackhat 2015 (http://www.dailymotion.com/video/x2qjgqc)
Episode Series : Mr. Robot
28. References
APT Archive: https://github.com/kbandla/APTnotes
Example of a multistage attack: https://www.virustotal.com/en/ip-address/61.137.223.48/information/
Shadow Force: http://blog.trendmicro.com/trendlabs-security-intelligence/shadow-force-uses-dll-hijacking-targets-south-korean-company/
ShinoBot: http://www.slideshare.net/Sh1n0g1/introduction-of-shinobot-black-hat-usa-2013-arsenal