Operation Sentry Stopper: A Long-Standing Cyber Espionage

Presented at VB2016, Oct. 7, 2016, 2 p.m. (30 minutes).

We have been observing an attack against certain targets in the financial industry. Evidence suggests that this attack has been active since as early as 2009, and it remains very active today, utilizing several techniques to perform long-term espionage on its targets.

This paper will discuss the targeted cyber-espionage campaign we call Disabled Sentry (the campaign name is still subject to change). The paper will cover the different malware components used in the attack and their behaviours, which include maintaining footholds in the network for long-term espionage; their heavy use of steganography; mapping and gaining access to the target's network using a network cracker component; stealing sensitive information using various methods; and protecting themselves from detection and possible removal by disrupting security products. The paper will also cover other aspects of the cyber-espionage campaign, such as targeted industries and regions, and other evidence we have acquired related to it.


Presenters:

  • Lenart Bermejo - Trend Micro
    Currently, Lenart does APT investigation as well as cyber threat reverse engineering. His research focuses both on targeted attack intelligence and threat solutions.
  • Mingyen Hsieh - Trend Micro
    Mingyen Hsieh is an enthusiast in APT investigation, threat intelligence, reverse engineering and sandboxing. Currently, his goal is to dig into more quality intelligence and to develop an efficient intelligence processing system for the team.
  • Razor Huang - Trend Micro
    Razor Huang mainly focuses on targeted attack research, malware analysis and cyber threat correlation. He has delivered presentations at AVAR and AVTOKYO and he has been responsible for virus scanning engine development.
