Decade of the RATs – Custom Chinese Linux Rootkits for Everyone

Presented at Black Hat USA 2020 Virtual, Aug. 5, 2020, 11 a.m. (40 minutes)

While 2020 is the Year of the Rat for the Chinese, it's felt more like the Decade of the RATs. In this talk, I reveal a nearly decade-long, undetected, state-sponsored effort to strategically target the Linux servers that comprise the backbone of modern-day government and industry. Having discovered a full stack of handcrafted, tailored, Linux malware, from interactive installation script to kernel rootkits to the attacker's control panel, I was able to construct a rare and uniquely detailed narrative of a concerted espionage effort.

The talk reveals how five Chinese APT groups that originally stemmed from the notorious WINNTI collective formed a Linux splinter cell. Set against the backdrop of recent, renewed efforts by the US Department of Justice to expose and prosecute Chinese espionage, the talk sheds light on a new and troubling chapter in an otherwise old story of Chinese IP theft - one that crosses into the Android and Windows platforms as well. The talk demonstrates how the attackers successfully preyed upon defender assumptions regarding the security of Linux, the treatment of Windows adware, and the overall deployment of security products and services.

Finally, attendees will also encounter new and intriguing questions, including:

  • Is a Chinese APT group behind the development of one of the most widely used, commercially available RATs for mobile?
  • Is WINNTI responsible for the creation of the largest known Linux DDoS botnet?

Presenters:

  • Kevin Livelli - Director of Threat Intelligence, BlackBerry
    Kevin Livelli has spent nearly 20 years conducting and managing complex, often high-profile investigations at leading organizations within the fields of cybersecurity, law enforcement, and journalism. He has developed fluency in both the technical underpinnings and broader policy implications of computer network operations. As Director of Threat Intelligence at BlackBerry (formerly Cylance), he acts as chief analyst for the company's major threat intelligence products. His work in cyber follows nearly a decade at CBS News 60 MINUTES, where his top-tier investigative journalism and reporting on national security were recognized with several awards, including a Peabody for an early segment about cyber. His career began in public service in New York City, supervising investigations at the nation's largest independent police oversight agency. He is an honors graduate of Dartmouth, with master's degrees from Trinity College Dublin and Columbia University.
