Overview
Explore the tools and tactics of the Sednit cyber espionage group in this 37-minute conference talk from NorthSec 2015. Delve into their recent campaigns targeting Eastern Europe, focusing on Ukraine-related topics and custom exploit-kits. Examine the group's exploitation chain, home-made exploit development, and deception techniques like fake password change pages. Analyze the X-Agent malware's Windows and iOS versions, including its modules and communication channels. Gain insights into the group's technical capabilities and understand the broader context of their cyber espionage activities in Eastern Europe.
Syllabus
Intro
Outline
Discovery
Exploitation Chain (1)
Exploitation Chain (2)
Home-Made Exploit Development
Fake Yahoo Change Password Page
Context
Case 1: EConsul
Decoys
Network Communications
Result: "Execution Trace"
X-Agent Modules Windows Version
X-Agent Communication Channels
X-Agent iOS version
Technical Facts
Conclusion
Taught by
NorthSec