Advanced Persistent Threat
Be Aware or Be Conquered
Introduction
Amien H. Rosyandino / Green
ID-SIRTII (2009-2012)
Spentera (2013 – Now)
InfoSec Enthusiast
Research:
• Honeypot
• Attack Pattern / APT Analysis
• Malware Analysis
• Computer Forensics
Fire Sale (is it a myth?)
Three Step Systematic Attack:
• Take Out Transportation
• Take Out Financial Base & Telecoms
• Take Out the Utilities & Power
Definition
• The term originally referred to nation-states engaging in cyber espionage.
• What distinguishes an APT from other threats is that it is targeted, persistent, evasive and advanced.
• APTs target specific organizations with the purpose of stealing specific data or causing specific damage.
Stuxnet
• It is the first discovered malware that spies on and subverts industrial systems.
• Discovered in June 2010, it is believed to have been created by the United States and Israel to attack Iran's nuclear facilities.
• The worm initially spreads indiscriminately, but includes a highly specialized malware payload that is designed to target only Siemens supervisory control and data acquisition (SCADA) systems that are configured to control and monitor specific industrial processes.
• On 1 June 2012, an article in The New York Times said that Stuxnet is part of a U.S. and Israeli intelligence operation called "Operation Olympic Games", started under President George W. Bush and expanded under President Barack Obama.
Introducing APT1
• The world's next publicly available, comprehensive report on Advanced Persistent Threat.
• Provided by Mandiant (www.mandiant.com).
• APT1 is the nickname for a group believed to be government-sponsored, conducting specific attacks for a specific purpose.
• China is the suspected government sponsoring the group.
APT1 Group Structure
• APT1 is believed to be the 2nd Bureau of the PLA General Staff Department (GSD) 3rd Department, with Military Unit Cover Designator (MUCD) Unit 61398.
• Unit 61398 is estimated to be staffed by hundreds, and perhaps thousands, of people, based on the size of Unit 61398's physical infrastructure.
• Unit 61398 is partially situated on Datong Road (大同路) in Gaoqiaozhen (高桥镇), which is located in the Pudong New Area (浦东新区) of Shanghai (上海). The central building in this compound is a 130,663 square foot facility that is 12 stories high and was built in early 2007.
• Unit 61398 requires its personnel to be trained in computer security and computer network operations, and also requires its personnel to be proficient in the English language.
APT1 Data Breach Summary
• APT1 has systematically stolen hundreds of terabytes of data from at least 141 organizations, and has demonstrated the capability and intent to steal from dozens of organizations simultaneously.
• Once APT1 has established access, they periodically revisit the victim's network over several months or years and steal broad categories of intellectual property, including technology blueprints, proprietary manufacturing processes, test results, business plans, pricing documents, partnership agreements, and emails and contact lists from victim organizations' leadership.
• The longest time period APT1 maintained access to a victim's network was 1,764 days, or four years and ten months.
• Among other large-scale thefts of intellectual property, we have observed APT1 stealing 6.5 terabytes of compressed data from a single organization over a ten-month time period.
APT1 Data Theft
• Product development and use, including information on test results, system designs, product manuals, parts lists, and simulation technologies;
• Manufacturing procedures, such as descriptions of proprietary processes, standards, and waste management processes;
• Business plans, such as information on contract negotiation positions and product pricing, legal events, mergers, joint ventures, and acquisitions;
• Policy positions and analysis, such as white papers, and agendas and minutes from meetings involving high-ranking personnel; emails of high-ranking employees; and user credentials and network architecture information.
Example
APT1 Target Summary
• Since 2006, Mandiant has observed APT1 compromise 141 companies spanning 20 major industries.
• APT1 focuses on compromising organizations across a broad range of industries in English-speaking countries.
• Of the 141 APT1 victims, 87% are headquartered in countries where English is the native language.
• The industries APT1 targets match industries that China has identified as strategic to its growth, including four of the seven strategic emerging industries that China identified in its 12th Five Year Plan.
APT1 Attack Lifecycle
Attack Lifecycle Differences
APT1 Attack Method
Same attack vectors, but with a targeted purpose
Some Real-World Cases
• Estonia cyber attack
• Russian cyber attack against Georgia
• Blowing up oil refineries
• KRTV hijacked for a zombie attack alert
Where do we stand?
Team Cymru Statistics
So?
Are there any reasons not to be concerned?
Thank YOU !!
Fade2Green@GMail.com
Amien.Green@Spentera.com
Artificial intelligence in cctv survelliance.pptx
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 

Amien Harisen - APT1 Attack

  • 1. Advanced Persistent Threat: Be Aware or Be Conquered

  • 2. Introduction
    Amien H. Rosyandino / Green
    ID-SIRTII (2009-2012), Spentera (2013 – Now)
    InfoSec enthusiast
    Research:
      • Honeypot
      • Attack Pattern / APT Analysis
      • Malware Analysis
      • Computer Forensics

  • 3. Fire Sale (is it a myth?)
    A three-step systematic attack:
      • Take out transportation
      • Take out the financial base and telecoms
      • Take out the utilities and power

  • 4. Definition
      • The term originally referred to nation-states engaging in cyber espionage.
      • What distinguishes an APT from other threats is that it is targeted, persistent, evasive and advanced.
      • APTs target specific organizations with the purpose of stealing specific data or causing specific damage.

  • 5. Stuxnet
      • It is the first discovered malware that spies on and subverts industrial systems.
      • Discovered in June 2010; it is believed to have been created by the United States and Israel to attack Iran's nuclear facilities.
      • The worm initially spreads indiscriminately, but includes a highly specialized payload designed to target only Siemens supervisory control and data acquisition (SCADA) systems that are configured to control and monitor specific industrial processes.
      • On 1 June 2012, an article in The New York Times said that Stuxnet is part of a U.S. and Israeli intelligence operation called "Operation Olympic Games", started under President George W. Bush and expanded under President Barack Obama.

  • 6. Introducing APT1
      • A publicly available, comprehensive report on an Advanced Persistent Threat group.
      • Provided by Mandiant (www.mandiant.com).
      • "APT1" is the nickname for a group believed to be government-sponsored, conducting specific attacks for a specific purpose.
      • China is the government suspected of sponsoring the group.

  • 7. APT1 Group Structure
      • APT1 is believed to be the 2nd Bureau of the People's Liberation Army (PLA) General Staff Department (GSD) 3rd Department, known by its Military Unit Cover Designator (MUCD) as Unit 61398.
      • Unit 61398 is estimated to be staffed by hundreds, and perhaps thousands, of people, based on the size of Unit 61398's physical infrastructure.
      • Unit 61398 is partially situated on Datong Road (大同路) in Gaoqiaozhen (高桥镇), which is located in the Pudong New Area (浦东新区) of Shanghai (上海). The central building in this compound is a 130,663 square foot facility that is 12 stories high and was built in early 2007.
      • Unit 61398 requires its personnel to be trained in computer security and computer network operations, and also requires its personnel to be proficient in the English language.

  • 10. APT1 Data Breach Summary
      • APT1 has systematically stolen hundreds of terabytes of data from at least 141 organizations, and has demonstrated the capability and intent to steal from dozens of organizations simultaneously.
      • Once APT1 has established access, they periodically revisit the victim's network over several months or years and steal broad categories of intellectual property, including technology blueprints, proprietary manufacturing processes, test results, business plans, pricing documents, partnership agreements, and emails and contact lists from victim organizations' leadership.
      • The longest time period APT1 maintained access to a victim's network was 1,764 days, or four years and ten months.
      • Among other large-scale thefts of intellectual property, Mandiant has observed APT1 stealing 6.5 terabytes of compressed data from a single organization over a ten-month period.

  • 11. APT1 Data Theft
      • Product development and use, including information on test results, system designs, product manuals, parts lists, and simulation technologies;
      • manufacturing procedures, such as descriptions of proprietary processes, standards, and waste management processes;
      • business plans, such as information on contract negotiation positions and product pricing, legal events, mergers, joint ventures, and acquisitions;
      • policy positions and analysis, such as white papers, and agendas and minutes from meetings involving high-ranking personnel;
      • emails of high-ranking employees;
      • user credentials and network architecture information.

  • 13. APT1 Target Summary
      • Since 2006, Mandiant has observed APT1 compromise 141 companies spanning 20 major industries.
      • APT1 focuses on compromising organizations across a broad range of industries in English-speaking countries.
      • Of the 141 APT1 victims, 87% are headquartered in countries where English is the native language.
      • The industries APT1 targets match industries that China has identified as strategic to its growth, including four of the seven strategic emerging industries that China identified in its 12th Five Year Plan.

  • 18. APT1 Attack Method
    Same attack vectors, but a targeted purpose.

  • 19. Some Real-World Cases
      • Estonia cyber attack
      • Russian cyber attack against Georgia
      • Blowing up oil refineries
      • KRTV hijacked for a zombie attack (hoax emergency alert)

  • 20. Where do we stand?

  • 21. Where do we stand?

  • 22. Where do we stand?

  • 25. So? Are there any reasons not to be concerned?