Big Game Hunting: The Peculiarities of Nation-State Malware Research

by Morgan Marquis-Boire, Marion Marschalek, Claudio Guarnieri
Sept. 18, 2017 1 comment Black Hat belen_caty Detection & Response incident handling

The security industry's focus on state-sponsored espionage is a relatively recent phenomenon. Since the Aurora Incident brought nation-state hacking into the spotlight, there have been high-profile reports on targeted hacking by China, Russia, the U.S.A., and Israel, to name a few. This has led to the rise of a lucrative threat intelligence business, propelling marketing and media campaigns and fueling political debate. This talk will cover the idiosyncrasies of nation-state malware research using the experiences of the presenters in the 'Threat Analyst Sweatshop.' Regin (aka WARRIORPRIDE, allegedly written by the Five Eyes) and Babar (aka SNOWGLOBE, allegedly written by France) will be used as case studies in examining attribution difficulties. Additionally, we'll examine attributing commercially written offensive software (implants and exploits) and the (mostly negative) vendor responses.

Steven Ulm 6 months ago

Case studies and malware. Sounds like I'm in college all over again haha :) Thank you for sharing it with us. Extremely interesting stuff!