3 things you didn't know about APTs (2015)
The speaker, Adam Meyers, is VP of Intelligence at CrowdStrike.
Over a long campaign, it's hard for attackers to stay anonymous
- A Chinese hacker registered a domain using the address of PLA headquarters in the registration details
- North Korean malware has included dates that are significant in the Korean War
Knowing geopolitics helps you understand the motivations of APTs
- Chinese hackers attacked Middle East experts at a think tank on the day ISIS took over a city in Iraq
- China gets a lot of oil from Iraq, so it wanted to see how the US was planning to respond
- That way, China could secure its oil imports from Iraq appropriately
- Governments may hack for intelligence (how another state intends to act), not just to steal data
APTs are only advanced when they have to be
- Why would an APT waste a 0day when they don't have to?
- When responding to a targeted intrusion, don't just start blocking IOCs (hashes, IPs, domains); the attacker simply rotates them
- Study their TTPs, work out which hosts and accounts they compromised, and clean everything up at once in a planned remediation weekend, so the attacker does not see a partial cleanup and re-establish access
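The difference between blocking a hash and hunting a TTP, as an added example that is not from the talk or from CrowdStrike: the log lines, host names, accounts, hashes and the three behavioural rules below are all constructed for illustration. One hash recovered from the first victim catches only that host; rules written against the attacker's behaviour (an Office document spawning a shell, a scheduled task pointing into a user-writable directory, WMI launching a binary from a user-writable directory) also catch the second host where the implant was rebuilt with a different hash, and the set of hosts and accounts they touch is the scope for the remediation weekend.

```python
"""Scope a targeted intrusion by TTP rather than by hash (constructed example)."""
import re
from collections import namedtuple

Event = namedtuple("Event", "ts host user parent image cmdline sha256")

# Constructed process-creation log, one event per line, pipe-separated:
# timestamp | host | user | parent image | image | command line | sha256
# WS-017 is the first victim; WS-042 was reached later via WMI with a rebuilt
# implant (different hash); WS-101 is benign activity for contrast.
SAMPLE_LOG = r"""
2015-06-10T09:01:12Z|WS-017|corp\jdoe|outlook.exe|winword.exe|winword.exe /n brief.doc|aaaa1111
2015-06-10T09:01:40Z|WS-017|corp\jdoe|winword.exe|cmd.exe|cmd.exe /c powershell -enc SQBFAFgA|bbbb2222
2015-06-10T09:02:05Z|WS-017|corp\jdoe|powershell.exe|loader.exe|C:\Users\jdoe\AppData\Local\Temp\loader.exe|deadbeef
2015-06-10T09:02:30Z|WS-017|corp\jdoe|loader.exe|schtasks.exe|schtasks /create /tn Updater /tr C:\Users\jdoe\AppData\Local\Temp\loader.exe /sc onlogon|cccc3333
2015-06-11T22:14:00Z|WS-042|corp\svc_backup|services.exe|svchost.exe|svchost.exe -k netsvcs|dddd4444
2015-06-11T22:15:10Z|WS-042|corp\svc_backup|wmiprvse.exe|update.exe|C:\Users\Public\update.exe|feedface
2015-06-11T22:15:40Z|WS-042|corp\svc_backup|update.exe|schtasks.exe|schtasks /create /tn Updater /tr C:\Users\Public\update.exe /sc onlogon|cccc3333
2015-06-12T08:30:00Z|WS-101|corp\asmith|explorer.exe|chrome.exe|chrome.exe|eeee5555
"""

# The single implant hash recovered from the first compromised host (constructed).
KNOWN_IOC_HASHES = {"deadbeef"}


def parse_log(text):
    """Parse the pipe-separated log into Event tuples, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split("|", 6)  # command line may itself contain no '|' here
        if len(fields) != 7:
            raise ValueError("malformed log line: %r" % line)
        events.append(Event(*fields))
    return events


def match_iocs(events, hashes=KNOWN_IOC_HASHES):
    """IOC approach: flag only events whose binary hash is already known bad."""
    return [e for e in events if e.sha256 in hashes]


OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"cmd.exe", "powershell.exe"}
# Directories an ordinary user can write to; a hypothetical but typical heuristic.
USER_WRITABLE = re.compile(r"\\(users|temp|public)\\", re.I)


def rule_office_spawns_shell(e):
    """Initial access: a document viewer launching a command interpreter."""
    return e.parent.lower() in OFFICE and e.image.lower() in SHELLS


def rule_persistence_from_user_dir(e):
    """Persistence: a scheduled task whose action lives in a user-writable path."""
    return (e.image.lower() == "schtasks.exe" and "/create" in e.cmdline.lower()
            and USER_WRITABLE.search(e.cmdline) is not None)


def rule_wmi_launch_from_user_dir(e):
    """Lateral movement: WMI provider host starting a binary from a user-writable path."""
    return e.parent.lower() == "wmiprvse.exe" and USER_WRITABLE.search(e.cmdline) is not None


TTP_RULES = {
    "office_spawns_shell": rule_office_spawns_shell,
    "persistence_from_user_dir": rule_persistence_from_user_dir,
    "wmi_launch_from_user_dir": rule_wmi_launch_from_user_dir,
}


def match_ttps(events, rules=TTP_RULES):
    """TTP approach: return (rule name, event) for every behavioural rule that fires."""
    return [(name, e) for e in events for name, rule in rules.items() if rule(e)]


def remediation_scope(hits):
    """Hosts and accounts touched by attacker behaviour: the list for the remediation weekend."""
    hosts = sorted({e.host for _, e in hits})
    accounts = sorted({e.user for _, e in hits})
    return hosts, accounts


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    print("IOC hits:", [(e.host, e.image) for e in match_iocs(events)])
    hits = match_ttps(events)
    for name, e in hits:
        print("TTP hit:", name, e.host, e.user, e.image, e.sha256)
    print("remediate:", remediation_scope(hits))
```

Run as-is the hash rule reports only WS-017, while the TTP rules report both WS-017 and WS-042 (with both accounts) and leave WS-101 alone. Note also that the schtasks.exe hash is identical on both hosts because it is the legitimate system binary; blocking that hash would break the operating system, which is the practical reason to key rules on parent/child relationships and command-line arguments rather than on file hashes.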