These attackers had a plan, they acted upon their plan, and they were successful. In my first presentation, given at Black Hat EU in 2013, I covered a robust ICS honeynet that I developed, and who was really attacking them. In this talk, I cover many of the same concepts, but I go several steps further- profiling the attackers that exploited my ICS honeynet.
This talk will profile, provide intelligence, and list actors that attacked my ICS honeypot environment. This talk will also feature a demo of the attackers in progress, exfiltrating perceived sensitive data. In addition, I will discuss in greater detail how I geo-located these individuals, and tracked their movements, operations, and attacks.
Some of the findings are truly surprising and substantial, and my not be what you think they are. This talk will release brand new statistics and attack details seen nowhere else in the ICS community.