"We Are About to Land": How CloudDragon Turns a Nightmare Into Reality

Presented at Black Hat Asia 2021 Virtual, May 7, 2021, 11:20 a.m. (40 minutes).

<div><span>On October 27th, 2020, the Cybersecurity & Infrastructure Security Agency of the United States (CISA) jointly with the Federal Bureau of Investigation (FBI) and the Department of Defense Cyber National Mission Force (CNMF) released an alert on the TTP of North Korea APT group Kimsuky.</span></div><div><span><br></span></div><div><span>Two years ago, on TheSAS2018, TeamT5 shared our research on the group CloudDragon. After our continuous tracking, we found there are significant differences among their operations which should then be divided into two groups, CloudDragon and KimDragon.</span></div><div><span><br></span></div><div><span>Moreover, new techniques and weapons were observed, including:</span></div><div><span>1. Supply Chain Attack</span></div><div><span>2. Cross-platform Attack</span></div><div><span>3. New Phishing Tricks</span></div><div><span><br></span></div><div><span>In this presentation, we will focus on CloudDragon, go through some of the most significant operations conducted by the group, and more importantly, we will provide possible scenarios of future invasions for defense and detection.</span></div>

Presenters:

  • Jhih-Lin Kuo - Senior Threat Intelligence Analyst, TeamT5
    Jhih-Lin Kuo is currently a Senior Threat Intelligence Analyst working in TeamT5. She devoted herself to cyber intelligence research especially in APT attacks and financial intrusions. She is also a frequent speaker at international conferences and private seminars, including CODEBLUE, HITCON, FIT, etc.
  • Zih-Cing Liao - Senior Threat Intelligence Researcher, TeamT5
    Zih-Cing Liao is a Senior Threat Intelligence Researcher from TeamT5. He plays CTF and is interested in reversing, exploit and web security. In TeamT5, he is responsible for improving automated threat hunting and developing tools to accelerate research. He is actively involved in the security community and publishes research at international conferences.

Links:

Similar Presentations: