Supply Chain Attack Through CCleaner - Evidence Aurora Operation Still Active

Security BSides San Francisco via YouTube

Overview

Explore the intricacies of a sophisticated supply chain attack through CCleaner in this 27-minute conference talk from BSidesSF 2018. Delve into the details of how hackers compromised millions of accounts, targeting specific telecom equipment companies in the United States, Japan, South Korea, and Taiwan. Examine the evidence suggesting the involvement of APT17, also known as Operation Aurora, and their specialized tactics in supply chain attacks. Analyze the complexity and quality of the CCleaner attack, including the unique implementation of base64 encoding and its connection to previous APT17 operations. Gain insights into the stages of the attack, code reuse detection, and the implications of state-sponsored cyber operations. Learn key takeaways about supply chain vulnerabilities and the ongoing threat landscape in this informative presentation by Itai Tevet.

Syllabus

Intro
ABOUT ME
TOPICS OF DISCUSSION
WHAT IS A SUPPLY CHAIN ATTACK?
RESULT OF SUPPLY CHAIN ATTACK
CASE STUDY: CCLEANER SUPPLY CHAIN ATTACK
CCLEANER ATTACKER OVERVIEW
TARGETS AND EFFECTIVENESS
CODE REUSE DETECTION
WHAT DO WE KNOW ABOUT APT 17?
STAGE 1 - CODE REUSE
CODE EXAMPLES
STAGE 2 - CODE REUSE
KEY TAKEAWAYS

Taught by

Security BSides San Francisco
