Made In America: Analyzing US Spy Agencies' macOS Implants

Presented at Objective by the Sea version 4.0 (2021), Oct. 1, 2021, 4:10 p.m. (50 minutes)

Between 2015 and 2017, offensive cyber-espionage tools belonging to several US intelligence agencies were leaked. This gave security researchers a unique opportunity to gain unparalleled insight into the tradecraft, tools, and capabilities of these secretive organizations.

Amongst these leaks were several macOS implants. One, Green Lambert, was leveraged by the Vault7 group (CIA), while another, DoubleFantasy, belonged to the EquationGroup (NSA).

Interestingly, these implants did not receive much public attention, nor were they fully analyzed. This talk aims to rectify this by providing a comprehensive analysis of both. Analyzing these old samples, like cyber paleontologists, allows us to better understand the capabilities of their highly sophisticated creators.

Moreover, the malware analysis approaches we present in this talk are applicable to the study of any macOS malware specimen.


Presenters:

  • Runa A. Sandvik (listed as Runa Sandvik) - Security Researcher
    Runa Sandvik works on digital security for journalists and other high-risk people. Her work builds upon experience from her time at The New York Times, Freedom of the Press Foundation, and The Tor Project.
  • Patrick Wardle - Founder of Objective-See
    Patrick Wardle is the founder of Objective-See. Having worked at NASA and the NSA, as well as presented at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0days, analyzing macOS malware and writing free open-source security tools to protect Mac users.