It’s commonly stated that attribution of cyber activity is an art, not a science. This adage could not be more applicable to Iran-based cyber activity, as contract organizations, recruitment from hacker communities, and operators running independent self-serving campaigns muddy the attribution waters.
In this session, Allison will rant, sorry… talk about some of the unique attribution challenges around Iran-based intrusion sets, using case studies from open-source information and proprietary research. Specifically, the case studies will cover the overlap in tools, techniques and procedures (TTPs) among several distinct intrusion sets, including those known as “Oilrig,” “TortoiseShell,” and “Charming Kitten,” using the diamond model of intrusion analysis as the framework for attribution.
Through her presentation, Allison would like to reiterate how threat intelligence work can be critical both when shoring up defenses and when responding to incidents. Attendees will walk away with an understanding of Iran-based cyber threat actors’ TTPs, an appreciation for the attribution complexities around Iranian intrusions, and a better understanding of why attribution matters.