A vine climbing over the Great Firewall: a long-term attack against China

Presented at VB2019, Oct. 2, 2019, 11:30 a.m. (30 minutes).

In this talk, we will expose a little-known APT group, PoisonVine, and its long history of cyber espionage activities dating back 11 years. The group is keen on Chinese entities, and aims to harvest political and military intelligence. The group's targets include government agencies, military personnel, research institutes, and maritime agencies. The group has compromised multiple entities successfully and was still active in 2018. We will introduce the group's campaigns in detail, including malware, vulnerabilities, infrastructure and TTP. Furthermore, we will shed light on attack impact and actor attribution thanks to mistakes made by the group when they were storing all stolen data - including profiles of victim machines and sensitive documents - in cloud storage at the data exfiltration stage.

Presenters:

  • Lion Gu - Qi An Xin Threat Intelligence Center
    Lion Gu is a security analyst in the Qi An Xin Threat Intelligence Center. He has been a security professional for over 15 years. He graduated with a B.A. in electrical engineering and holds several security certificates, including CISSP, CEH and CCNP. His interests cover all aspects of cybersecurity, in particular malware analysis, cybercrime in general, and web security. He is an active member of the local security community, where he helps businesses, academic institutions and governments to improve their security. He has presented at a number of security industry conferences, including Black Hat, RSA, AVAR, and CNCERT Annual. He was formerly part of Trend Micro's Forward-looking Threat Research Team.
  • Bowen Pan - Qi An Xin Threat Intelligence Center
    Bowen Pan is a senior threat analyst at the Qi An Xin Threat Intelligence Center, with more than eight years' experience of working in security. Bowen spent several years researching mobile security and mobile threat analysis, and discovered and reported a rootkit-like malware on the Android platform named Poisoncake. Bowen now focuses on APT threat analysis and hunting, with particular interest in threat intelligence and other threat analysis principles. He spoke on the subject of "Leverage OSINT on APT group tracing" at the FIRST Regional Symposium Asia-Pacific forum in October 2018.