Events

First Annual Cyberwarcon

Cyberwarcon is a brand new event organized yesterday in Arlington, Virginia, and delivered eight hours of fantastic content. “CyberwarCon is a one-day conference in the Washington D.C. area focused on the specter of destruction, disruption, and malicious influence on our society through cyber capabilities. We are increasingly concerned that aggressive behavior in this space is not abating and public discourse is necessary to shore up our defenses and prepare for inevitable incidents”. The list of speakers was diverse in their interests, from big data visualization technologies and analysis of social media misinformation campaigns, to incidents of Russian speaking APT in the US electrical grid. Thomas Rid keynoted with a presentation full of newly unearthed images and details on the earliest known misinformation campaign targeting the US, with some hints of what is to come for his upcoming book “Active Measures: A History of Disinformation”, certain to be another fascinating study and read. The full agenda can be found here.

Cyberwarcon badge

Our participation included my lightning talk presentation “Barely Whispering – Recent RU-speaking APT findings”. I attempted to clarify several transitively related clusters of RU-speaking APT activity and resources that we label Sofacy, BE/GreyEnergy, Zebrocy, and an advanced cluster, Hades, and introduced some data points new to public discussion about the groups. Three have exhibited disruptive and destructive behavior. It’s nice to see that some of the information I mentioned yesterday, Zebrocy’s nine month long and increasingly large wave of spearphishing, is in the news today. I briefly mentioned that their remote template spearphishing techniques, along with a switch back to the Delphi backdoor from a C# “Cannon” backdoor, was spreading to western networks. Timely stuff.

Check out the images and tweets at #CYBERWARCON. Hope to see you next year!

First Annual Cyberwarcon

Your email address will not be published. Required fields are marked *

 

Reports

APT trends report Q3 2021

The APT trends reports are based on our threat intelligence research and provide a representative snapshot of what we have discussed in greater detail in our private APT reports. This is our latest installment, focusing on activities that we observed during Q3 2021.

Lyceum group reborn

According to older public researches, Lyceum conducted operations against organizations in the energy and telecommunications sectors across the Middle East. In 2021, we have been able to identify a new cluster of the group’s activity, focused on two entities in Tunisia.

GhostEmperor: From ProxyLogon to kernel mode

While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. With a long-standing operation, high profile victims, advanced toolset and no affinity to a known threat actor, we decided to dub the cluster GhostEmperor.

Subscribe to our weekly e-mails

The hottest research right in your inbox