VB2016 video: On the StrongPity waterhole attacks targeting Italian and Belgian encryption users

Posted by   Martijn Grooten on   Dec 20, 2016

Last week, Microsoft published a paper on two attack groups, dubbed PROMETHIUM and NEODYMIUM, that targeted individuals in Europe and that both used the then unknown and unpatched vulnerability CVE-2016-4117 in Abobe Flash Player.

However, Microsoft wasn't the first company to write about the PROMETHIUM group and the Truvasys malware it used. At VB2016 in Denver, Kaspersky Lab researcher Kurt Baumgartner gave a presentation on the same group, which Kaspersky calls StrongPity, and which used watering hole attacks to target the users of encryption tools such as TrueCrypt and WinRAR.

kurt-true-crypt-1.png

We have now uploaded the video of Kurt's presentation to our YouTube channel. Since this was a "last-minute presentation" at VB2016, there is no written paper to accompany it, but Kurt did publish an accompanying blog post on Kaspersky's Securelist site.

twitter.png
fb.png
linkedin.png
googleplus.png
reddit.png

 

Latest posts:

VB2016 video: Last-minute paper: A malicious OS X cocktail served from a tainted bottle

In a VB2016 last-minute presentation, ESET researchers Peter Kalnai and Martin Jirkal looked at the OS X malware threats KeRanger and Keydnap, that both spread through a compromised BitTorrent client. A recording of their presentation is now…

Consumer spyware: a serious threat with a different threat model

Consumer spyware is a growing issue and one that can have serious consequences: its use is increasingly common in domestic violence. But do our threat models consider the attacker with physical access to, and inside knowledge of the victim?

VB2016 paper: Debugging and monitoring malware network activities with Haka

In their VB2016 paper, Stormshield researchers Benoît Ancel and Mehdi Talbi introduced Haka, an open-source language to monitor, debug and control malicious network traffic. Both their paper and the video recording of their presentation are now…

VB2017: a wide ranging and international conference programme

We are proud to announce a very broad and very international programme for VB2017, which will take place in Madrid, 4-6 October 2017.

John Graham-Cumming and Brian Honan to deliver keynote addresses at VB2017

Virus Bulletin is excited to announce John-Graham Cumming and Brian Honan as the two keynote speakers for VB2017 in Madrid.