Operation Arachnophobia: The Web Unravels

Presented at ToorCon San Diego 16 (2014), Oct. 25, 2014, 3 p.m. (50 minutes).

Cyber Squared Inc.’s ThreatConnect Intelligence Research Team (TCIRT) tracks a number of threat groups around the world. We first discovered a suspected Pakistani threat group in 2013, and have since followed their activity and gained new observations and insight into the group and its tactics, which we call “Operation Arachnophobia”. Working in collaboration with FireEye Labs, the TCIRT team has discovered evidence pointing to this group’s continued exploitation operations using custom malware, dubbed BITTERBUG by FireEye. Join us for an in-depth discussion on this exploitation activity and suspicious actions, including:

  • A deep dive into threat actors who are probably affiliated with a commercial Pakistan-based hosting provider who leased command and control infrastructure from within the United States.
  • An update to customized malware (BITTERBUG) used by Pakistani-based threat actors that has only been observed hosted on and communicating with two IP addresses operated by a commercial Pakistan-based hosting provider.
  • An overview of employees at the Pakistan-based companies, noted within the report, who also appear within each other’s social networks.

Presenters:

  • Rich Barger
    Rich is a pioneer in threat intelligence analysis and is the Chief Intelligence Officer and Director of Threat Intelligence at Cyber Squared Inc. After watching China vacuum up most of the world’s intellectual property for a little over a decade, Rich sought like-minded security experts and together they founded Cyber Squared. Rich has more than 15 years supporting DC’s most elite cyber defense and intelligence organizations from within both the public and private sectors as a former U.S. Army Intelligence Analyst and security consultant. In 2011, Rich abandoned any semblance of a social life and sleep to better serve the community he loves, and chose a “choose your own adventure” career by fusing intelligence analysis and technical administration. Rich is an analyst at heart, and his technical and operational vision is truly what makes ThreatConnect a disruptive new technology for organizations worldwide. Within months, Rich conceptualized and delivered the ThreatConnect Intelligence Research Team (TCIRT) as a globally recognized threat research team. Rich maintains a variety of professional industry certifications, and a BS in Information System Security.
  • Chris Phillips
    Chris Phillips is a threat intelligence analyst at FireEye Labs. He has spent more than 10 years as an analyst in the security field in both private and government sector positions. He has served in a variety of roles related to threat intelligence, security operations, computer forensics, and geopolitical analytics.
  • Mike Oppenheim
    Michael Oppenheim, “Opp”, is a Principal Threat Intelligence Analyst at FireEye Labs. He has spent almost 10 years as an analyst supporting the Department of Defense and Intelligence Community. He has served in a variety of roles related to threat intelligence and security operations.
