Supply Chain Attack Through CCleaner - Evidence Aurora Operation Still Active

Explore the intricacies of a sophisticated supply chain attack through CCleaner in this 27-minute conference talk from BSidesSF 2018. Delve into the details of how hackers compromised millions of accounts, targeting specific telecom equipment companies in the United States, Japan, South Korea, and Taiwan. Examine the evidence suggesting the involvement of APT17, also known as Operation Aurora, and their specialized tactics in supply chain attacks. Analyze the complexity and quality of the CCleaner attack, including the unique implementation of base64 encoding and its connection to previous APT17 operations. Gain insights into the stages of the attack, code reuse detection, and the implications of state-sponsored cyber operations. Learn key takeaways about supply chain vulnerabilities and the ongoing threat landscape in this informative presentation by Itai Tevet.