Posted by Martijn Grooten on Feb 17, 2017
Ever since Mandiant released its APT1 report four years ago, reports on advanced attack groups have been an important fixture in the security industry. These reports are great for gaining an understanding of how such groups operate and, as a not insignificant aside, a nice PR exercise for the companies that publish them.
However, one aspect may be overlooked: they also provide free QA for the threat actors, who often respond quickly and stop making the mistakes that led to their activities being discovered. This is what worried industry veterans Gadi Evron (Cymmetria) and Inbar Raz (Perimeter X), so they got together and wrote a paper on the subject, which they presented at VB2016 in Denver.
Today, we publish that paper, "APT reports and OPSEC evolution, or: these are not the APT reports you are looking for", in both HTML and PDF format. We have also uploaded the video to our YouTube channel.
Has your organization been attacked by an APT group? Of have you noticed how APT groups evolve because of reports detailing their activity? We'd like to hear from you. Submit an abstract for VB2017 (CFP deadline: 19 March) for a chance to present your research in Madrid, 4-6 October.