Thursday 1 October 16:00 - 16:30, Green room
Kurt Baumgartner (Kaspersky Lab)
download slides (PDF)
Well resourced actors orbit their targets cloaked in anonymity and silence. But often artifacts in their code and infrastructure link commonalities across years of campaigns, clustering peripheral objects to their activity. We'll examine one of these mystery encrypted comets from prior years' activity, and examine overlapping infrastructure with these early operations.
Recent developments in ongoing Turla activity have underscored a push to meet the opsec needs of anonymity and reliability. C&C seizure must not have been an option, so Turla moved to the stars and began to hijack satellite communications. Let's look to constellations of Turla activity, technical needs and aspects of those satcomm activities, and estimate the light years they may have endured in the sky. Choosing the right telescope for an analysis review can bring data from the skies back down to earth.
Sometimes it's like a cluster of asteroids crashed into your backyard.