Supply Chain Attack Through CCleaner - Evidence Aurora Operation Still Active
Security BSides San Francisco via YouTube
Overview
Explore the intricacies of a sophisticated supply chain attack through CCleaner in this 27-minute conference talk from BSidesSF 2018. Delve into the details of how hackers compromised millions of accounts, targeting specific telecom equipment companies in the United States, Japan, South Korea, and Taiwan. Examine the evidence suggesting the involvement of APT17, also known as Operation Aurora, and their specialized tactics in supply chain attacks. Analyze the complexity and quality of the CCleaner attack, including the unique implementation of base64 encoding and its connection to previous APT17 operations. Gain insights into the stages of the attack, code reuse detection, and the implications of state-sponsored cyber operations. Learn key takeaways about supply chain vulnerabilities and the ongoing threat landscape in this informative presentation by Itai Tevet.
Syllabus
Intro
ABOUT ME
TOPICS OF DICUSSION
WHAT IS A SUPPLY CHAIN ATTACK?
RESULT OF SUPPLY CHAIN ATTACK
CASE STUDY: CCLEANER SUPPLY CHAIN ATTACK
CCLEANER ATTACKER OVERVIEW
TARGETS AND EFFECTIVENESS
CODE REUSE DETECTION
WHAT DO WE KNOW ABOUT APT 177
STAGE 1 - CODE REUSE
CODE EXAMPLES
STAGE 2 -CODE REUSE
KEY TAKEAWAYS
Taught by
Security BSides San Francisco