Explore a comprehensive analysis of four recent APT campaigns targeting financial institutions in this 55-minute Black Hat conference talk. Delve into the intricate details of attacks on South Korean and EMEA banks, an ATM company, and Bitcoin exchange service providers. Gain insights into the malware, vulnerabilities, indicators of compromise (IOCs), and attack vectors employed by nation-state actors. Examine the Bluenoroff group's assault on a major Korean bank, the breach of an ATM operator company, and the hacking campaign against Bitcoin exchanges. Investigate a unique attack on an Egyptian bank and discover how threat actors utilize various delivery methods and decoys. Learn about the attackers' use of open directory browsing on command and control servers, their acquisition of new C&C infrastructure through Bitcoin, and their deployment of Monero miners. Analyze sample timestamps to understand the Andariel Group's activities and conclude with key takeaways from this in-depth exploration of sophisticated financial cybercrime.
Nation-State Moneymule's Hunting Season - APT Attacks Targeting Financial Institutions
Overview
Syllabus
Intro
BACKGROUND - who are they?
BACKGROUND - Activity Timeline
KOREA MAJOR BANK ATTACK BY BLUENOROFF - Background
KOREA MAJOR BANK ATTACK BY BLUENOROFF - Attack Vector
KOREA MAJOR BANK ATTACK BY BLUENOROFF - Malware
VANXATM - ATM OPERATOR COMPANY BREACH
BITCOIN EXCHANGES HACKING CAMPAIGN
BITCOIN EXCHANGES HACKED - Phishing Email Attack Vector
BITCOIN EXCHANGES HACKED - Attack Timeline
INTERESTING ATTACK TARGETED BANK IN EGYPT - Background
Campaign targeted Egypt bank and SK banks - Delivery Method
Campaign targeted Egypt bank and SK banks - Interesting Decoys
Directory browsing open on C&C server
Getting new C&C server with (stolen? ransomed?) bitcoin
USING MONERO MINER
Sample Timestamp Analysis of Andariel Group (GMT+9)
BLACK HAT SOUND BYTES (CONCLUSION)
Taught by
Black Hat
