Explore a comprehensive analysis of recent Advanced Persistent Threat (APT) attacks targeting cryptocurrency exchange employees in this 51-minute conference talk from HITB CyberWeek. Gain insights from multiple perspectives, including those of the victim, attacker, and security team. Delve into the attack lifecycle, starting with email spear phishing and progressing through Firefox 0-day exploits and multi-stage malware. Learn about the attacker's preparation methods, including weapon and infrastructure setup, account compromises, and fake website creation. Examine the operation's evaluation of targets and goals, as well as the challenges faced by blue teams. Investigate the intricacies of Stage 1 and Stage 2 malware, including NETWIRE variants. Conclude with valuable insights on attacker methodologies and effective countermeasures to enhance cybersecurity in the cryptocurrency industry.
Overview
Syllabus
Intro
About this talk
About Victim
Email Conversation
Web Browsing
Exploit
Response
Prepare Weapons
Prepare Infra
Hack Accounts
University Accounts
Prepare Website
Script on Fake Website
Prepare John Doe
Start Operation
Operation: Evaluate Targets
Operation: Goal
Blue Team Downsides
Blue Team Weapons
Pain Point for Blue Team
Breadcrumbs for Blue Team
Stage 1 - Overview
Stage 1 - NETWIRE
Stage 1 - variants
Stage 2 - Overview
Previous Analysis
Initial Compromise
Favorite Method
Favorite VPS
Conclusion - Attackers
Conclusion - Countermeasure
Questions?
Taught by
Hack In The Box Security Conference
