3 things you didn't know about APTs (2015)

The speaker, Adam Meyers, is VP of Intelligence at CrowdStrike.

Talk on YouTube

Over a long campaign, it's hard for attackers to stay anonymous

  • A Chinese hacker registered a domain with PLA headquarters as the address
  • North Korean malware has contained dates that are significant to the Korean War

Knowing geopolitics helps you understand the motivations of APTs

  • Chinese hackers attacked Middle East experts at a think tank on the day ISIS took over a city in Iraq
  • China imports a lot of oil from Iraq, so it wanted to know how the US was planning to respond
  • With that knowledge, China could act to secure its Iraqi oil supply
  • Governments hack for intelligence (intentions, plans, likely reactions), not just for data to steal

APTs are only advanced when they have to be

  • Why would an APT waste a 0day when they don't have to?
  • To respond to a targeted threat, don't just start blocking IOCs (hashes, IPs, domains); those are cheap for the attacker to rotate
  • Study their TTPs, figure out which hosts and accounts they compromised, and remediate all of it at once in a "remediation weekend" rather than piecemeal, so the attacker can't watch the cleanup and re-entrench
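The last two points in code, as an added example that is not from the talk: a hash blocklist versus behavioural rules run over a handful of constructed process-creation events, followed by the scoping step (which hosts and accounts to include in the remediation weekend). The event fields, hostnames, usernames, file hashes and the "svchost-update.exe" implant are all invented for illustration; the three rules are ordinary tradecraft descriptions, not CrowdStrike's.

```python
"""Hash blocklist vs TTP rules over constructed process-creation events,
then scoping of the intrusion for remediation. Added example; all data
below is made up (hosts, users, hashes, the implant name)."""
import re


def ev(ts, host, user, parent, image, cmdline, sha256):
    """Build one process-creation event (hypothetical log schema)."""
    return {"ts": ts, "host": host, "user": user, "parent": parent,
            "image": image, "cmdline": cmdline, "sha256": sha256}


# Constructed sample log: one macro-dropper intrusion on 2 March, the same
# tradecraft again on 5 March with a rebuilt implant (new hash), plus
# persistence via a scheduled task and one line of benign admin noise.
EVENTS = [
    ev("2015-03-02T09:14:05Z", "ws-017", "CORP\\jdoe", "WINWORD.EXE", "powershell.exe",
       "powershell.exe -nop -w hidden -enc SQBFAFgA...", "a1" * 32),
    ev("2015-03-02T09:14:09Z", "ws-017", "CORP\\jdoe", "powershell.exe", "svchost-update.exe",
       "C:\\Users\\jdoe\\AppData\\Roaming\\svchost-update.exe", "b2" * 32),
    ev("2015-03-05T14:02:31Z", "ws-042", "CORP\\asmith", "EXCEL.EXE", "powershell.exe",
       "powershell.exe -NoP -W Hidden -EncodedCommand UwBlAHQA...", "a1" * 32),
    ev("2015-03-05T14:02:40Z", "ws-042", "CORP\\asmith", "powershell.exe", "svchost-update.exe",
       "C:\\Users\\asmith\\AppData\\Roaming\\svchost-update.exe", "c3" * 32),
    ev("2015-03-05T14:03:02Z", "ws-042", "CORP\\asmith", "svchost-update.exe", "schtasks.exe",
       "schtasks.exe /create /sc onlogon /tn Updater "
       "/tr C:\\Users\\asmith\\AppData\\Roaming\\svchost-update.exe", "d4" * 32),
    ev("2015-03-05T15:10:00Z", "srv-01", "CORP\\admin", "explorer.exe", "cmd.exe",
       "cmd.exe /c dir", "e5" * 32),
]

# The only artefact the IOC feed knows: the hash of the first implant build.
HASH_BLOCKLIST = {"b2" * 32}

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
ENCODED_PS = re.compile(r"\s-(?:e|enc|encodedcommand)\s", re.IGNORECASE)
USER_WRITABLE = re.compile(r"\\AppData\\(?:Roaming|Local)\\", re.IGNORECASE)


def match_iocs(events):
    """IOC-style detection: flag events whose file hash is on the blocklist.
    Misses the rebuilt implant and everything around it."""
    return [e for e in events if e["sha256"] in HASH_BLOCKLIST]


def match_ttps(events):
    """Behavioural rules that describe the tradecraft, not the artefacts.
    Returns (rule_name, event) pairs."""
    hits = []
    for e in events:
        image, parent, cmd = e["image"].lower(), e["parent"].lower(), e["cmdline"]
        if parent in OFFICE_APPS and image == "powershell.exe" and ENCODED_PS.search(cmd):
            hits.append(("office_spawns_encoded_powershell", e))
        elif parent == "powershell.exe" and USER_WRITABLE.search(cmd):
            hits.append(("powershell_launches_binary_from_appdata", e))
        elif image == "schtasks.exe" and "/create" in cmd.lower() and USER_WRITABLE.search(cmd):
            hits.append(("schtasks_persists_appdata_binary", e))
    return hits


def scope_intrusion(hits):
    """Turn detections into the remediation-weekend list: every host and
    account the attacker touched, plus the implant hashes (old and rebuilt)
    that can now be fed back into the IOC set."""
    hosts, users, implants = set(), set(), set()
    for rule, e in hits:
        hosts.add(e["host"])
        users.add(e["user"])
        if rule == "powershell_launches_binary_from_appdata":
            implants.add(e["sha256"])
    return {"hosts": sorted(hosts), "users": sorted(users),
            "implant_hashes": sorted(implants)}


if __name__ == "__main__":
    print("IOC hits:", [(e["ts"], e["host"]) for e in match_iocs(EVENTS)])
    ttp_hits = match_ttps(EVENTS)
    for rule, e in ttp_hits:
        print("TTP hit:", rule, e["ts"], e["host"], e["user"])
    print("Remediation scope:", scope_intrusion(ttp_hits))
```

Run as-is, the blocklist finds exactly one event on one host, while the TTP rules find all five malicious events on both hosts and under both accounts; the scoping step is what makes a single coordinated remediation possible instead of a drip of hash blocks the attacker can out-rotate.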