Explore a comprehensive analysis of operational security failures in Advanced Persistent Threat (APT) campaigns in this 29-minute conference talk by Kris McConkey from PwC at Kaspersky Lab's Security Analyst Summit #TheSAS2015. Delve into case studies of APT 1 from 2013 and APT 2 from 2014, examining their progression and the personal connections involved. Investigate how threat actors attempt to protect their privacy by switching countries and using various tools. Learn about the Petersburg Crew, their use of QQ profiles, and their communication methods. Uncover the process of tracking new email addresses, job advertisements, and confirmed links. Gain insights into the Nevada operation and the use of SocksPNG. Conclude with key takeaways on APT OpSec failures and their implications for cybersecurity professionals.
Overview
Syllabus
Introduction
APT 1 2013
APT 2 2014
APT 2 Progress
Personal Connections
Switching Country
Privacy Protect
FireEye
Petersberg Crew
QQ profile
Missile comm
New email address
Registration
Job advert
Confirmed links
Nevada
SocksPNG
Conclusion
Taught by
Kaspersky