Operation Sentry Stopper: A Long-Standing Cyber Espionage

Friday 7 October 14:00 - 14:30, Green room

Lenart Bermejo (Trend Micro)
Mingyen Hsieh (Trend Micro)
Razor Huang (Trend Micro)

We have been observing an attack against certain targets in the financial industry. Evidence suggests that this attack has been active since as early as 2009, and it remains very active today, utilizing several techniques to perform long-term espionage on its targets.

This paper will talk about the targeted cyber-espionage we call Disabled Sentry (the campaign name is still subject to change). The paper will cover the different malware components used in the attack; their behaviours, which includes maintaining footholds in the network for long-term espionage; their heavy utilization of steganography; mapping and gaining access to the target's network using a network cracker component; stealing sensitive information using various methods; protecting themselves from detection and possible removal by disrupting security products. The paper will also cover other aspects of cyber-espionage such as targeted industries, regions, and other evidence we have acquired related to the campaign.

Click here for more details about the conference.


Lenart Bermejo

Currently, Lenart does APT investigation as well as cyber threat reverse engineering. His research focuses both on targeted attack intelligence and threat solutions. 


Mingyen Hsieh

Mingyen Hsieh is an enthusiast in APT investigation, threat intelligence, reverse engineering and sandboxing. Currently, his goal is to dig into more quality intelligence and to develop an efficient intelligence processing system for the team.


Razor Huang

Razor Huang mainly focuses on targeted attack research, malware analysis and cyber threat correlation. He has delivered presentations at AVAR and AVTOKYO and he has been responsible for virus scanning engine development.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.