Exploring the Chinese DDoS landscape

Presented at VB2019, Oct. 4, 2019, 2:30 p.m. (30 minutes)

Distributed denial-of-service attacks were on the rise in 2018, ranging from a high volume of Mirai attacks to more sophisticated botnets targeting enterprises. Chinese threat actors in particular have predominantly deployed DDoS attacks in their cyber campaigns, and China has emerged as having one of the highest rates of DDoS attacks. During this presentation, *Intezer* researcher Nacho Sanmillan will provide an overview of the Chinese DDoS landscape and discuss the current state of ChinaZ, a threat actor group notorious for targeting *Windows* and *Linux* systems with botnets since November 2014. He will also provide context on Nitol, a malware family with alleged Chinese origins and a prominent player in the DDoS ecosystem. Nacho will present the various methods employed to discover ChinaZ and Nitol's servers and analyse code reuse relationships with groups such as MrBlack and Iron Tiger APT.

Presenters:

  • Nacho Sanmillan - Intezer
    Nacho is a security researcher specializing in reverse engineering and malware analysis. Nacho plays a key role in Intezer's malware hunting and investigation operations, analysing and documenting new undetected threats. Some of his latest research involves detecting new Linux malware and finding links between different threat actors. Nacho is an adept ELF researcher, having written numerous papers and conducted projects implementing state-of-the-art obfuscation and anti-analysis techniques in the ELF file format. @ulexec
