SlideShare ist ein Scribd-Unternehmen logo

Amien Harisen - APT1 Attack

Als PPTX, PDF herunterladen
Indonesia Honeynet Chapter
Indonesia Honeynet Chapter

Amien Harisen - APT1 Attack

Technologie
1 von 26
Advanced Persistent Threat Be Aware or Be Conquered
Introduction Amien H. Rosyandino / Green ID-SIRTII (2009- 2012) Spentera (2013 – Now) InfoSec Enthusiast Research : • Honeypot • Attack Pattern / APT Analysis • Malware Analysis • Computer Forensics
Fire Sale (is it a myth ?) • Take Out Transportation • Take Out Financial Base & Telecoms • Take Out the Utilities & Power Three Step Systematic Attack
Definition • The term originally referred to nation-states engaging in cyber espionage. • What distinguishes an APT from other threats is that it is targeted, persistent, evasive and advanced. • APTs target specific organizations with the purpose of stealing specific data or causing specific damage.
Stux Net • It is the first discovered malware that spies on and subverts industrial systems. • Discovered in June 2010 and it is believed to have been created by the United States and Israel to attack Iran's nuclear facilities • The worm initially spreads indiscriminately, but includes a highly specialized malware payload that is designed to target only Siemens supervisory control and data acquisition (SCADA) systems that are configured to control and monitor specific industrial processes. • On 1 June 2012, an article in The New York Times said that Stuxnet is part of a U.S. and Israeli intelligence operation called "Operation Olympic Games", started under President George W. Bush and expanded under President Barack Obama.
Introducing APT1 • World next publicly available comprehensive report on Advanced Persistent Threat • Provided by Mandiant (www.mandiant.com) • It’s a nickname for a group that being government sponsored for doing specific attack and specific purpose • China is the suspected government that sponsored the group
APT1 Group Structure • APT1 is believed to be the 2nd Bureau of the PLA GSD 3rd Dept, with MUCD Unit 61398 • For the Estimation Unit 61398 is staffed by hundreds, and perhaps thousands of people based on the size of Unit 61398’s physical infrastructure • Unit 61398 is partially situated on Datong Road (大同路) in Gaoqiaozhen (高桥镇), which is located in the Pudong New Area (浦东新区) of Shanghai (上海). The central building in this compound is a 130,663 square foot facility that is 12 stories high and was built in early 2007 • Unit 61398 requires its personnel to be trained in computer security and computer network operations and also requires its personnel to be proficient in the English language
APT1 Group Structure
APT1 Group Structure
APT1 Data Breach Summary • APT1 has systematically stolen hundreds of terabytes of data from at least 141 organizations, and has demonstrated the capability and intent to steal from dozens of organizations simultaneously. • Once APT1 has established access, they periodically revisit the victim’s network over several months or years and steal broad categories of intellectual property, including technology blueprints, proprietary manufacturing processes, test results, business plans, pricing documents, partnership agreements, and emails and contact lists from victim organizations’ leadership. • The longest time period APT1 maintained access to a victim’s network was 1,764 days, or four years and ten months. • Among other large-scale thefts of intellectual property, we have observed APT1 stealing 6.5 terabytes of compressed data from a single organization over a ten-month time period.
APT1 Data Theft • Product development and use, including information on test results, system designs, product manuals, parts lists, and simulation technologies; • manufacturing procedures, such as descriptions of proprietary processes, standards, and waste management processes; • business plans, such as information on contract negotiation positions and product pricing, legal events, mergers, joint ventures, and acquisitions; • policy positions and analysis, such as white papers, and agendas and minutes from meetings involving high ranking personnel; emails of high-ranking employees; and user credentials and network architecture information.
Example
APT1 Target Summary • Since 2006, Mandiant has observed APT1 compromise 141 companies spanning 20 major industries. • APT1 focuses on compromising organizations across a broad range of industries in English-speaking countries. • Of the 141 APT1 victims, 87% of them are headquartered in countries where English is the native language. • The industries APT1 targets match industries that China has identified as strategic to their growth, including four of the seven strategic emerging industries that China identified in its 12th Five Year Plan.
APT1 Target Summary
APT1 Target Summary
APT1 Attack Lifecycle
Attack Lifecycle Different
APT1 Attack Method Same attack vector but targeted purpose
Some Real World Case Estonia Cyber Attack Russia Cyber attack against Georgia blowing oil refineries KRTV Hijacked for Zombie Attack
Where do we stand ?
Where do we stand ?
Where do we stand ?
Team Cymru Statistic
Team Cymru Statistic
So ? Are there any reasons for not be concerned ?
Thank YOU !! Fade2Green@GMail.com Amien.Green@Spentera.com

Empfohlen

Intelligence Collection and Analysis
Intelligence Collection and AnalysisIntelligence Collection and Analysis
Intelligence Collection and Analysisatrantham
 
Introduction to Cyber Forensics Module 1
Introduction to Cyber Forensics Module 1Introduction to Cyber Forensics Module 1
Introduction to Cyber Forensics Module 1Anpumathews
 
Insider Threat Final Powerpoint Prezi
Insider Threat Final Powerpoint PreziInsider Threat Final Powerpoint Prezi
Insider Threat Final Powerpoint PreziKashif Semple
 
Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2MLG College of Learning, Inc
 
Database forensics
Database forensicsDatabase forensics
Database forensicsDenys A. Flores, PhD
 
2015 NENA - SECURING 9-1-1 INFRASTRUCTURE IN THE NG9-1-1 WORLD
2015 NENA - SECURING 9-1-1 INFRASTRUCTURE IN THE NG9-1-1 WORLD2015 NENA - SECURING 9-1-1 INFRASTRUCTURE IN THE NG9-1-1 WORLD
2015 NENA - SECURING 9-1-1 INFRASTRUCTURE IN THE NG9-1-1 WORLDJack Kessler
 
Intelligence Cycle
Intelligence CycleIntelligence Cycle
Intelligence CyclePrincess Lyka De Guzman
 
Why i hate digital forensics - draft
Why i hate digital forensics - draftWhy i hate digital forensics - draft
Why i hate digital forensics - draftDamir Delija
 

Empfohlen

Intelligence Collection and Analysis
Intelligence Collection and AnalysisIntelligence Collection and Analysis
Intelligence Collection and Analysisatrantham
 
Introduction to Cyber Forensics Module 1
Introduction to Cyber Forensics Module 1Introduction to Cyber Forensics Module 1
Introduction to Cyber Forensics Module 1Anpumathews
 
Insider Threat Final Powerpoint Prezi
Insider Threat Final Powerpoint PreziInsider Threat Final Powerpoint Prezi
Insider Threat Final Powerpoint PreziKashif Semple
 
Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2MLG College of Learning, Inc
 
Database forensics
Database forensicsDatabase forensics
Database forensicsDenys A. Flores, PhD
 
2015 NENA - SECURING 9-1-1 INFRASTRUCTURE IN THE NG9-1-1 WORLD
2015 NENA - SECURING 9-1-1 INFRASTRUCTURE IN THE NG9-1-1 WORLD2015 NENA - SECURING 9-1-1 INFRASTRUCTURE IN THE NG9-1-1 WORLD
2015 NENA - SECURING 9-1-1 INFRASTRUCTURE IN THE NG9-1-1 WORLDJack Kessler
 
Intelligence Cycle
Intelligence CycleIntelligence Cycle
Intelligence CyclePrincess Lyka De Guzman
 
Why i hate digital forensics - draft
Why i hate digital forensics - draftWhy i hate digital forensics - draft
Why i hate digital forensics - draftDamir Delija
 
Basic intelligence
Basic intelligenceBasic intelligence
Basic intelligenceJoann Villareal
 
Internet safety and security strategies for building an internet safety wall
Internet safety and security strategies for building an internet safety wallInternet safety and security strategies for building an internet safety wall
Internet safety and security strategies for building an internet safety wallCommonwealth Telecommunications Organisation
 
Operationalizing Big Data Security Analytics - IANS Forum Dallas
Operationalizing Big Data Security Analytics - IANS Forum DallasOperationalizing Big Data Security Analytics - IANS Forum Dallas
Operationalizing Big Data Security Analytics - IANS Forum DallasInterset
 
Lecture 4,5, 6 comp forensics 19 9-2018 basic security
Lecture 4,5, 6 comp forensics 19 9-2018 basic securityLecture 4,5, 6 comp forensics 19 9-2018 basic security
Lecture 4,5, 6 comp forensics 19 9-2018 basic securityAlchemist095
 
Cyber forensic readiness cybercon2012 adv j fick
Cyber forensic readiness cybercon2012 adv j fickCyber forensic readiness cybercon2012 adv j fick
Cyber forensic readiness cybercon2012 adv j fickJacqueline Fick
 
How to Build a Successful Incident Response Program
How to Build a Successful Incident Response ProgramHow to Build a Successful Incident Response Program
How to Build a Successful Incident Response ProgramResilient Systems
 
Forensic Lab Development
Forensic Lab DevelopmentForensic Lab Development
Forensic Lab Developmentamiable_indian
 
Information Gathering in Intelligence Agencies
Information Gathering in Intelligence AgenciesInformation Gathering in Intelligence Agencies
Information Gathering in Intelligence AgenciesNora A. Rahim
 
Digital forensics
Digital forensics Digital forensics
Digital forensics Adriana Backman
 
Ajs 524 Effective Communication / snaptutorial.com
Ajs 524 Effective Communication / snaptutorial.comAjs 524 Effective Communication / snaptutorial.com
Ajs 524 Effective Communication / snaptutorial.comHarrisGeorg5
 
Draft current state of digital forensic and data science
Draft current state of digital forensic and data science Draft current state of digital forensic and data science
Draft current state of digital forensic and data science Damir Delija
 
Digital Forensic Tools - Application Specific.
Digital Forensic Tools - Application Specific.Digital Forensic Tools - Application Specific.
Digital Forensic Tools - Application Specific.guestcf6f5b
 
IANS Forum Dallas - Technology Spotlight Session
IANS Forum Dallas - Technology Spotlight SessionIANS Forum Dallas - Technology Spotlight Session
IANS Forum Dallas - Technology Spotlight SessionInterset
 
Slide Deck CISSP Class Session 2
Slide Deck CISSP Class Session 2Slide Deck CISSP Class Session 2
Slide Deck CISSP Class Session 2FRSecure
 
Ch 1 assets
Ch 1 assetsCh 1 assets
Ch 1 assetsDheeraj Sadawarte
 
E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...
E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...
E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...Stefano Maria De' Rossi
 
AJS 524 Enhance teaching - tutorialrank.com
AJS 524 Enhance teaching - tutorialrank.comAJS 524 Enhance teaching - tutorialrank.com
AJS 524 Enhance teaching - tutorialrank.comLeoTolstoy17
 
Technological Advancements for Intelligence Collection, Analysis, and Dissemi...
Technological Advancements for Intelligence Collection, Analysis, and Dissemi...Technological Advancements for Intelligence Collection, Analysis, and Dissemi...
Technological Advancements for Intelligence Collection, Analysis, and Dissemi...Maurice Dawson
 
IMA - Anatomy of an Attack - Presentation- 28Aug15
IMA - Anatomy of an Attack - Presentation- 28Aug15IMA - Anatomy of an Attack - Presentation- 28Aug15
IMA - Anatomy of an Attack - Presentation- 28Aug15Benjamin D. Brooks, CISSP
 
IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...
IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...
IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...Luigi Delgrosso
 
Nuts & Bolts of the Dynamic Attack Chain
Nuts & Bolts of the Dynamic Attack ChainNuts & Bolts of the Dynamic Attack Chain
Nuts & Bolts of the Dynamic Attack ChainIBM Security
 
See Your OpenStack Network Like Never Before with Real-time Visibility and Mo...
See Your OpenStack Network Like Never Before with Real-time Visibility and Mo...See Your OpenStack Network Like Never Before with Real-time Visibility and Mo...
See Your OpenStack Network Like Never Before with Real-time Visibility and Mo...PLUMgrid
 

Weitere ähnliche Inhalte

Was ist angesagt?

Operationalizing Big Data Security Analytics - IANS Forum Dallas
Operationalizing Big Data Security Analytics - IANS Forum DallasOperationalizing Big Data Security Analytics - IANS Forum Dallas
Operationalizing Big Data Security Analytics - IANS Forum DallasInterset
 
Lecture 4,5, 6 comp forensics 19 9-2018 basic security
Lecture 4,5, 6 comp forensics 19 9-2018 basic securityLecture 4,5, 6 comp forensics 19 9-2018 basic security
Lecture 4,5, 6 comp forensics 19 9-2018 basic securityAlchemist095
 
Cyber forensic readiness cybercon2012 adv j fick
Cyber forensic readiness cybercon2012 adv j fickCyber forensic readiness cybercon2012 adv j fick
Cyber forensic readiness cybercon2012 adv j fickJacqueline Fick
 
How to Build a Successful Incident Response Program
How to Build a Successful Incident Response ProgramHow to Build a Successful Incident Response Program
How to Build a Successful Incident Response ProgramResilient Systems
 
Forensic Lab Development
Forensic Lab DevelopmentForensic Lab Development
Forensic Lab Developmentamiable_indian
 
Information Gathering in Intelligence Agencies
Information Gathering in Intelligence AgenciesInformation Gathering in Intelligence Agencies
Information Gathering in Intelligence AgenciesNora A. Rahim
 
Ajs 524 Effective Communication / snaptutorial.com
Ajs 524 Effective Communication / snaptutorial.comAjs 524 Effective Communication / snaptutorial.com
Ajs 524 Effective Communication / snaptutorial.comHarrisGeorg5
 
Draft current state of digital forensic and data science
Draft current state of digital forensic and data science Draft current state of digital forensic and data science
Draft current state of digital forensic and data science Damir Delija
 
Digital Forensic Tools - Application Specific.
Digital Forensic Tools - Application Specific.Digital Forensic Tools - Application Specific.
Digital Forensic Tools - Application Specific.guestcf6f5b
 
IANS Forum Dallas - Technology Spotlight Session
IANS Forum Dallas - Technology Spotlight SessionIANS Forum Dallas - Technology Spotlight Session
IANS Forum Dallas - Technology Spotlight SessionInterset
 
Slide Deck CISSP Class Session 2
Slide Deck CISSP Class Session 2Slide Deck CISSP Class Session 2
Slide Deck CISSP Class Session 2FRSecure
 
E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...
E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...
E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...Stefano Maria De' Rossi
 
AJS 524 Enhance teaching - tutorialrank.com
AJS 524 Enhance teaching - tutorialrank.comAJS 524 Enhance teaching - tutorialrank.com
AJS 524 Enhance teaching - tutorialrank.comLeoTolstoy17
 
Technological Advancements for Intelligence Collection, Analysis, and Dissemi...
Technological Advancements for Intelligence Collection, Analysis, and Dissemi...Technological Advancements for Intelligence Collection, Analysis, and Dissemi...
Technological Advancements for Intelligence Collection, Analysis, and Dissemi...Maurice Dawson
 
IMA - Anatomy of an Attack - Presentation- 28Aug15
IMA - Anatomy of an Attack - Presentation- 28Aug15IMA - Anatomy of an Attack - Presentation- 28Aug15
IMA - Anatomy of an Attack - Presentation- 28Aug15Benjamin D. Brooks, CISSP
 

Was ist angesagt? (19)

Basic intelligence
Basic intelligenceBasic intelligence
Basic intelligence
 
Internet safety and security strategies for building an internet safety wall
Internet safety and security strategies for building an internet safety wallInternet safety and security strategies for building an internet safety wall
Internet safety and security strategies for building an internet safety wall
 
Operationalizing Big Data Security Analytics - IANS Forum Dallas
Operationalizing Big Data Security Analytics - IANS Forum DallasOperationalizing Big Data Security Analytics - IANS Forum Dallas
Operationalizing Big Data Security Analytics - IANS Forum Dallas
 
Lecture 4,5, 6 comp forensics 19 9-2018 basic security
Lecture 4,5, 6 comp forensics 19 9-2018 basic securityLecture 4,5, 6 comp forensics 19 9-2018 basic security
Lecture 4,5, 6 comp forensics 19 9-2018 basic security
 
Cyber forensic readiness cybercon2012 adv j fick
Cyber forensic readiness cybercon2012 adv j fickCyber forensic readiness cybercon2012 adv j fick
Cyber forensic readiness cybercon2012 adv j fick
 
How to Build a Successful Incident Response Program
How to Build a Successful Incident Response ProgramHow to Build a Successful Incident Response Program
How to Build a Successful Incident Response Program
 
Forensic Lab Development
Forensic Lab DevelopmentForensic Lab Development
Forensic Lab Development
 
Information Gathering in Intelligence Agencies
Information Gathering in Intelligence AgenciesInformation Gathering in Intelligence Agencies
Information Gathering in Intelligence Agencies
 
Digital forensics
Digital forensics Digital forensics
Digital forensics
 
Ajs 524 Effective Communication / snaptutorial.com
Ajs 524 Effective Communication / snaptutorial.comAjs 524 Effective Communication / snaptutorial.com
Ajs 524 Effective Communication / snaptutorial.com
 
Draft current state of digital forensic and data science
Draft current state of digital forensic and data science Draft current state of digital forensic and data science
Draft current state of digital forensic and data science
 
Digital Forensic Tools - Application Specific.
Digital Forensic Tools - Application Specific.Digital Forensic Tools - Application Specific.
Digital Forensic Tools - Application Specific.
 
IANS Forum Dallas - Technology Spotlight Session
IANS Forum Dallas - Technology Spotlight SessionIANS Forum Dallas - Technology Spotlight Session
IANS Forum Dallas - Technology Spotlight Session
 
Slide Deck CISSP Class Session 2
Slide Deck CISSP Class Session 2Slide Deck CISSP Class Session 2
Slide Deck CISSP Class Session 2
 
Ch 1 assets
Ch 1 assetsCh 1 assets
Ch 1 assets
 
E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...
E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...
E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...
 
AJS 524 Enhance teaching - tutorialrank.com
AJS 524 Enhance teaching - tutorialrank.comAJS 524 Enhance teaching - tutorialrank.com
AJS 524 Enhance teaching - tutorialrank.com
 
Technological Advancements for Intelligence Collection, Analysis, and Dissemi...
Technological Advancements for Intelligence Collection, Analysis, and Dissemi...Technological Advancements for Intelligence Collection, Analysis, and Dissemi...
Technological Advancements for Intelligence Collection, Analysis, and Dissemi...
 
IMA - Anatomy of an Attack - Presentation- 28Aug15
IMA - Anatomy of an Attack - Presentation- 28Aug15IMA - Anatomy of an Attack - Presentation- 28Aug15
IMA - Anatomy of an Attack - Presentation- 28Aug15
 

Andere mochten auch

IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...
IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...
IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...Luigi Delgrosso
 
Nuts & Bolts of the Dynamic Attack Chain
Nuts & Bolts of the Dynamic Attack ChainNuts & Bolts of the Dynamic Attack Chain
Nuts & Bolts of the Dynamic Attack ChainIBM Security
 
See Your OpenStack Network Like Never Before with Real-time Visibility and Mo...
See Your OpenStack Network Like Never Before with Real-time Visibility and Mo...See Your OpenStack Network Like Never Before with Real-time Visibility and Mo...
See Your OpenStack Network Like Never Before with Real-time Visibility and Mo...PLUMgrid
 
Toward revealing Advanced Persistence Threats in your organization - Public
Toward revealing Advanced Persistence Threats in your organization - PublicToward revealing Advanced Persistence Threats in your organization - Public
Toward revealing Advanced Persistence Threats in your organization - PublicCharles Lim
 
Inherent Security Design Patterns for SDN/NFV Deployments
Inherent Security Design Patterns for SDN/NFV DeploymentsInherent Security Design Patterns for SDN/NFV Deployments
Inherent Security Design Patterns for SDN/NFV DeploymentsOPNFV
 
Crack the Code
Crack the CodeCrack the Code
Crack the CodeInnoTech
 
InduSoft System security webinar 2012
InduSoft System security webinar 2012InduSoft System security webinar 2012
InduSoft System security webinar 2012AVEVA
 
Weaponised Malware & APT Attacks: Protect Against Next-Generation Threats
Weaponised Malware & APT Attacks: Protect Against Next-Generation ThreatsWeaponised Malware & APT Attacks: Protect Against Next-Generation Threats
Weaponised Malware & APT Attacks: Protect Against Next-Generation ThreatsLumension
 
MMW June 2016: The Rise and Fall of Angler
MMW June 2016: The Rise and Fall of Angler MMW June 2016: The Rise and Fall of Angler
MMW June 2016: The Rise and Fall of Angler Cyphort
 
Security best practices
Security best practicesSecurity best practices
Security best practicesAVEVA
 
The Anatomy of a Data Breach
The Anatomy of a Data BreachThe Anatomy of a Data Breach
The Anatomy of a Data BreachDavid Hunt
 
Cyber espionage nation state-apt_attacks_on_the_rise
Cyber espionage nation state-apt_attacks_on_the_riseCyber espionage nation state-apt_attacks_on_the_rise
Cyber espionage nation state-apt_attacks_on_the_riseCyphort
 
CrowdCasts Monthly: You Have an Adversary Problem
CrowdCasts Monthly: You Have an Adversary ProblemCrowdCasts Monthly: You Have an Adversary Problem
CrowdCasts Monthly: You Have an Adversary ProblemCrowdStrike
 
APT 28 :Cyber Espionage and the Russian Government?
APT 28 :Cyber Espionage and the Russian Government?APT 28 :Cyber Espionage and the Russian Government?
APT 28 :Cyber Espionage and the Russian Government?anupriti
 
Visiting the Bear Den
Visiting the Bear DenVisiting the Bear Den
Visiting the Bear DenESET
 
Common Techniques To Identify Advanced Persistent Threat (APT)
Common Techniques To Identify Advanced Persistent Threat (APT)Common Techniques To Identify Advanced Persistent Threat (APT)
Common Techniques To Identify Advanced Persistent Threat (APT)Yuval Sinay, CISSP, C|CISO
 
RSA: Security Analytics Architecture for APT
RSA: Security Analytics Architecture for APTRSA: Security Analytics Architecture for APT
RSA: Security Analytics Architecture for APTLee Wei Yeong
 
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...Knowledge Group
 

Andere mochten auch (19)

IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...
IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...
IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...
 
Nuts & Bolts of the Dynamic Attack Chain
Nuts & Bolts of the Dynamic Attack ChainNuts & Bolts of the Dynamic Attack Chain
Nuts & Bolts of the Dynamic Attack Chain
 
See Your OpenStack Network Like Never Before with Real-time Visibility and Mo...
See Your OpenStack Network Like Never Before with Real-time Visibility and Mo...See Your OpenStack Network Like Never Before with Real-time Visibility and Mo...
See Your OpenStack Network Like Never Before with Real-time Visibility and Mo...
 
Toward revealing Advanced Persistence Threats in your organization - Public
Toward revealing Advanced Persistence Threats in your organization - PublicToward revealing Advanced Persistence Threats in your organization - Public
Toward revealing Advanced Persistence Threats in your organization - Public
 
Inherent Security Design Patterns for SDN/NFV Deployments
Inherent Security Design Patterns for SDN/NFV DeploymentsInherent Security Design Patterns for SDN/NFV Deployments
Inherent Security Design Patterns for SDN/NFV Deployments
 
Crack the Code
Crack the CodeCrack the Code
Crack the Code
 
InduSoft System security webinar 2012
InduSoft System security webinar 2012InduSoft System security webinar 2012
InduSoft System security webinar 2012
 
Weaponised Malware & APT Attacks: Protect Against Next-Generation Threats
Weaponised Malware & APT Attacks: Protect Against Next-Generation ThreatsWeaponised Malware & APT Attacks: Protect Against Next-Generation Threats
Weaponised Malware & APT Attacks: Protect Against Next-Generation Threats
 
MMW June 2016: The Rise and Fall of Angler
MMW June 2016: The Rise and Fall of Angler MMW June 2016: The Rise and Fall of Angler
MMW June 2016: The Rise and Fall of Angler
 
Security best practices
Security best practicesSecurity best practices
Security best practices
 
Osorio antonhy 3 b
Osorio antonhy 3 bOsorio antonhy 3 b
Osorio antonhy 3 b
 
The Anatomy of a Data Breach
The Anatomy of a Data BreachThe Anatomy of a Data Breach
The Anatomy of a Data Breach
 
Cyber espionage nation state-apt_attacks_on_the_rise
Cyber espionage nation state-apt_attacks_on_the_riseCyber espionage nation state-apt_attacks_on_the_rise
Cyber espionage nation state-apt_attacks_on_the_rise
 
CrowdCasts Monthly: You Have an Adversary Problem
CrowdCasts Monthly: You Have an Adversary ProblemCrowdCasts Monthly: You Have an Adversary Problem
CrowdCasts Monthly: You Have an Adversary Problem
 
APT 28 :Cyber Espionage and the Russian Government?
APT 28 :Cyber Espionage and the Russian Government?APT 28 :Cyber Espionage and the Russian Government?
APT 28 :Cyber Espionage and the Russian Government?
 
Visiting the Bear Den
Visiting the Bear DenVisiting the Bear Den
Visiting the Bear Den
 
Common Techniques To Identify Advanced Persistent Threat (APT)
Common Techniques To Identify Advanced Persistent Threat (APT)Common Techniques To Identify Advanced Persistent Threat (APT)
Common Techniques To Identify Advanced Persistent Threat (APT)
 
RSA: Security Analytics Architecture for APT
RSA: Security Analytics Architecture for APTRSA: Security Analytics Architecture for APT
RSA: Security Analytics Architecture for APT
 
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
 

Ähnlich wie Amien Harisen - APT1 Attack

Combating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security MonitoringCombating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security MonitoringLancope, Inc.
 
Top 6 Sources for Identifying Threat Actor TTPs
Top 6 Sources for Identifying Threat Actor TTPsTop 6 Sources for Identifying Threat Actor TTPs
Top 6 Sources for Identifying Threat Actor TTPsRecorded Future
 
Target attack (hkust gold edition)(public version)
Target attack (hkust gold edition)(public version)Target attack (hkust gold edition)(public version)
Target attack (hkust gold edition)(public version)Anthony Lai
 
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]APNIC
 
Cyber_Security_Issues_and_Challenges.pptx
Cyber_Security_Issues_and_Challenges.pptxCyber_Security_Issues_and_Challenges.pptx
Cyber_Security_Issues_and_Challenges.pptxGracePeter10
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)PECB
 
How Network Data Loss Prevention is Implemented
How Network Data Loss Prevention is ImplementedHow Network Data Loss Prevention is Implemented
How Network Data Loss Prevention is ImplementedJerry Paul Acosta
 
APCERT Updates
APCERT UpdatesAPCERT Updates
APCERT UpdatesAPNIC
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceMarlabs
 
Mims_Resume_Aug122016
Mims_Resume_Aug122016Mims_Resume_Aug122016
Mims_Resume_Aug122016Ronald Mims
 
A Study of Intrusion Detection System Methods in Computer Networks
A Study of Intrusion Detection System Methods in Computer NetworksA Study of Intrusion Detection System Methods in Computer Networks
A Study of Intrusion Detection System Methods in Computer NetworksEditor IJCATR
 
Računalna forenzika i automatizirani odgovor na mrežne incidente
Računalna forenzika i automatizirani odgovor na mrežne incidenteRačunalna forenzika i automatizirani odgovor na mrežne incidente
Računalna forenzika i automatizirani odgovor na mrežne incidenteDamir Delija
 
The FDA - Mobile, and Fixed Medical Devices Cybersecurity Guidance
The FDA - Mobile, and Fixed Medical Devices Cybersecurity GuidanceThe FDA - Mobile, and Fixed Medical Devices Cybersecurity Guidance
The FDA - Mobile, and Fixed Medical Devices Cybersecurity GuidanceValdez Ladd MBA, CISSP, CISA,
 

Ähnlich wie Amien Harisen - APT1 Attack (20)

Combating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security MonitoringCombating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security Monitoring
 
SecurityOperations
SecurityOperationsSecurityOperations
SecurityOperations
 
Top 6 Sources for Identifying Threat Actor TTPs
Top 6 Sources for Identifying Threat Actor TTPsTop 6 Sources for Identifying Threat Actor TTPs
Top 6 Sources for Identifying Threat Actor TTPs
 
Target attack (hkust gold edition)(public version)
Target attack (hkust gold edition)(public version)Target attack (hkust gold edition)(public version)
Target attack (hkust gold edition)(public version)
 
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
 
Cyber_Security_Issues_and_Challenges.pptx
Cyber_Security_Issues_and_Challenges.pptxCyber_Security_Issues_and_Challenges.pptx
Cyber_Security_Issues_and_Challenges.pptx
 
C
CC
C
 
Security Incident Handling for Schools
Security Incident Handling for Schools Security Incident Handling for Schools
Security Incident Handling for Schools
 
CSCSS Case Study - Peoples Republic of China- Anatomy of a Breach
CSCSS Case Study - Peoples Republic of China- Anatomy of a BreachCSCSS Case Study - Peoples Republic of China- Anatomy of a Breach
CSCSS Case Study - Peoples Republic of China- Anatomy of a Breach
 
Deliovering Secure e-Goverment Facilities in Africa
Deliovering Secure e-Goverment Facilities in AfricaDeliovering Secure e-Goverment Facilities in Africa
Deliovering Secure e-Goverment Facilities in Africa
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)
 
How Network Data Loss Prevention is Implemented
How Network Data Loss Prevention is ImplementedHow Network Data Loss Prevention is Implemented
How Network Data Loss Prevention is Implemented
 
APCERT Updates
APCERT UpdatesAPCERT Updates
APCERT Updates
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Mims_Resume_Aug122016
Mims_Resume_Aug122016Mims_Resume_Aug122016
Mims_Resume_Aug122016
 
A Study of Intrusion Detection System Methods in Computer Networks
A Study of Intrusion Detection System Methods in Computer NetworksA Study of Intrusion Detection System Methods in Computer Networks
A Study of Intrusion Detection System Methods in Computer Networks
 
Računalna forenzika i automatizirani odgovor na mrežne incidente
Računalna forenzika i automatizirani odgovor na mrežne incidenteRačunalna forenzika i automatizirani odgovor na mrežne incidente
Računalna forenzika i automatizirani odgovor na mrežne incidente
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat Intelligence
 
Presentation1
Presentation1Presentation1
Presentation1
 
The FDA - Mobile, and Fixed Medical Devices Cybersecurity Guidance
The FDA - Mobile, and Fixed Medical Devices Cybersecurity GuidanceThe FDA - Mobile, and Fixed Medical Devices Cybersecurity Guidance
The FDA - Mobile, and Fixed Medical Devices Cybersecurity Guidance
 

Mehr von Indonesia Honeynet Chapter

I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure
I.G.N. Mantra - Mobile Security, Mobile Malware,and CountermeasureI.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure
I.G.N. Mantra - Mobile Security, Mobile Malware,and CountermeasureIndonesia Honeynet Chapter
 
Gildas Deograt - Effective Honeynet in High Grade Security Strategy
Gildas Deograt - Effective Honeynet in High Grade Security StrategyGildas Deograt - Effective Honeynet in High Grade Security Strategy
Gildas Deograt - Effective Honeynet in High Grade Security StrategyIndonesia Honeynet Chapter
 
Ahmad Alkazimy - Indonesia Malware Incident Updates
Ahmad Alkazimy - Indonesia Malware Incident UpdatesAhmad Alkazimy - Indonesia Malware Incident Updates
Ahmad Alkazimy - Indonesia Malware Incident UpdatesIndonesia Honeynet Chapter
 

Mehr von Indonesia Honeynet Chapter (8)

Charles Lim - Honeynet Indonesia Chapter
Charles Lim - Honeynet Indonesia Chapter Charles Lim - Honeynet Indonesia Chapter
Charles Lim - Honeynet Indonesia Chapter
 
Lukas - Ancaman E-Health Security
Lukas - Ancaman E-Health SecurityLukas - Ancaman E-Health Security
Lukas - Ancaman E-Health Security
 
Karunia Wijaya - Proactive Incident Handling
Karunia Wijaya - Proactive Incident HandlingKarunia Wijaya - Proactive Incident Handling
Karunia Wijaya - Proactive Incident Handling
 
Iwan Sumantri - Cyber Threat Indonesia 2013
Iwan Sumantri - Cyber Threat Indonesia 2013Iwan Sumantri - Cyber Threat Indonesia 2013
Iwan Sumantri - Cyber Threat Indonesia 2013
 
I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure
I.G.N. Mantra - Mobile Security, Mobile Malware,and CountermeasureI.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure
I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure
 
Hogan Kusnadi - Cloud Computing Secutity
Hogan Kusnadi - Cloud Computing SecutityHogan Kusnadi - Cloud Computing Secutity
Hogan Kusnadi - Cloud Computing Secutity
 
Gildas Deograt - Effective Honeynet in High Grade Security Strategy
Gildas Deograt - Effective Honeynet in High Grade Security StrategyGildas Deograt - Effective Honeynet in High Grade Security Strategy
Gildas Deograt - Effective Honeynet in High Grade Security Strategy
 
Ahmad Alkazimy - Indonesia Malware Incident Updates
Ahmad Alkazimy - Indonesia Malware Incident UpdatesAhmad Alkazimy - Indonesia Malware Incident Updates
Ahmad Alkazimy - Indonesia Malware Incident Updates
 

Kürzlich hochgeladen

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 

Kürzlich hochgeladen (20)

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 

Amien Harisen - APT1 Attack

  • 1. Advanced Persistent Threat Be Aware or Be Conquered
  • 2. Introduction Amien H. Rosyandino / Green ID-SIRTII (2009- 2012) Spentera (2013 – Now) InfoSec Enthusiast Research : • Honeypot • Attack Pattern / APT Analysis • Malware Analysis • Computer Forensics
  • 3. Fire Sale (is it a myth ?) • Take Out Transportation • Take Out Financial Base & Telecoms • Take Out the Utilities & Power Three Step Systematic Attack
  • 4. Definition • The term originally referred to nation-states engaging in cyber espionage. • What distinguishes an APT from other threats is that it is targeted, persistent, evasive and advanced. • APTs target specific organizations with the purpose of stealing specific data or causing specific damage.
  • 5. Stux Net • It is the first discovered malware that spies on and subverts industrial systems. • Discovered in June 2010 and it is believed to have been created by the United States and Israel to attack Iran's nuclear facilities • The worm initially spreads indiscriminately, but includes a highly specialized malware payload that is designed to target only Siemens supervisory control and data acquisition (SCADA) systems that are configured to control and monitor specific industrial processes. • On 1 June 2012, an article in The New York Times said that Stuxnet is part of a U.S. and Israeli intelligence operation called "Operation Olympic Games", started under President George W. Bush and expanded under President Barack Obama.
  • 6. Introducing APT1 • World next publicly available comprehensive report on Advanced Persistent Threat • Provided by Mandiant (www.mandiant.com) • It’s a nickname for a group that being government sponsored for doing specific attack and specific purpose • China is the suspected government that sponsored the group
  • 7. APT1 Group Structure • APT1 is believed to be the 2nd Bureau of the PLA GSD 3rd Dept, with MUCD Unit 61398 • For the Estimation Unit 61398 is staffed by hundreds, and perhaps thousands of people based on the size of Unit 61398’s physical infrastructure • Unit 61398 is partially situated on Datong Road (大同路) in Gaoqiaozhen (高桥镇), which is located in the Pudong New Area (浦东新区) of Shanghai (上海). The central building in this compound is a 130,663 square foot facility that is 12 stories high and was built in early 2007 • Unit 61398 requires its personnel to be trained in computer security and computer network operations and also requires its personnel to be proficient in the English language
  • 10. APT1 Data Breach Summary • APT1 has systematically stolen hundreds of terabytes of data from at least 141 organizations, and has demonstrated the capability and intent to steal from dozens of organizations simultaneously. • Once APT1 has established access, they periodically revisit the victim’s network over several months or years and steal broad categories of intellectual property, including technology blueprints, proprietary manufacturing processes, test results, business plans, pricing documents, partnership agreements, and emails and contact lists from victim organizations’ leadership. • The longest time period APT1 maintained access to a victim’s network was 1,764 days, or four years and ten months. • Among other large-scale thefts of intellectual property, we have observed APT1 stealing 6.5 terabytes of compressed data from a single organization over a ten-month time period.
  • 11. APT1 Data Theft • Product development and use, including information on test results, system designs, product manuals, parts lists, and simulation technologies; • manufacturing procedures, such as descriptions of proprietary processes, standards, and waste management processes; • business plans, such as information on contract negotiation positions and product pricing, legal events, mergers, joint ventures, and acquisitions; • policy positions and analysis, such as white papers, and agendas and minutes from meetings involving high ranking personnel; emails of high-ranking employees; and user credentials and network architecture information.
  • 13. APT1 Target Summary • Since 2006, Mandiant has observed APT1 compromise 141 companies spanning 20 major industries. • APT1 focuses on compromising organizations across a broad range of industries in English-speaking countries. • Of the 141 APT1 victims, 87% of them are headquartered in countries where English is the native language. • The industries APT1 targets match industries that China has identified as strategic to their growth, including four of the seven strategic emerging industries that China identified in its 12th Five Year Plan.
  • 18. APT1 Attack Method Same attack vector but targeted purpose
  • 19. Some Real World Case Estonia Cyber Attack Russia Cyber attack against Georgia blowing oil refineries KRTV Hijacked for Zombie Attack
  • 20. Where do we stand ?
  • 21. Where do we stand ?
  • 22. Where do we stand ?
  • 25. So ? Are there any reasons for not be concerned ?