Last-minute paper: Exotic APT Attacks with Deception, Zero-Days and Waterholes

Strategic website compromises (SWCs), also known as watering hole attacks, have been hitting the news since at least 2009. Over time, multiple APT groups have adopted this attack strategy, including the Equation Group, Animal Farm, LuckyMouse/Emissary Panda, WildNeutron, Turla, DarkHotel and C0d0so0, to name just a few.

However, the most interesting attacks have always come from unattributed APT groups: groups which are extremely cautious and keep a very low profile, or which excel at OPSEC, keeping their TTPs varied enough that each incident has only loose ties to previous ones, or no connection at all.

During recent months, we have been tracking several advanced threat actors involved in strategic website compromises, the group known as ScarCruft being one of them. In June 2016, we reported to Adobe a zero-day exploit that ScarCruft had used in a number of targeted attacks. In parallel, a connected operation used older exploits that targeted visitors to a number of strategic web resources related to nuclear research and to the Olympic Games in Rio.

The presentation will cover:

  • An overview of high-profile watering hole attacks from top APT actors
  • Previously unknown details about watering hole attacks from both known and unknown APT actors
  • Information about the victims and targets of these groups
  • Detection and mitigation strategies
  • A system we have designed and implemented to identify SWCs and zero-day exploits




Costin G. Raiu

Costin specializes in analysing advanced persistent threats and high-level malware attacks. He leads the Global Research and Analysis Team (GReAT) at Kaspersky Lab, which researched the inner workings of Stuxnet, Duqu, Flame, Careto and, more recently, Carbanak and the Equation Group.

Costin has over 20 years of experience in developing anti-virus technologies and in security research. He is a member of the Virus Bulletin Technical Advisory Board and of the Computer AntiVirus Researchers' Organization (CARO). Prior to joining Kaspersky Lab, Costin worked for GeCad as Chief Researcher within the RAV anti-virus division.

Costin joined Kaspersky Lab in 2000. Prior to becoming Director of the Global Research & Analysis Team in 2010, Costin held the position of Chief Security Expert, overseeing research efforts in the EEMEA region. Some of his hobbies include chess, high precision arithmetic, cryptography, chemistry, photography and science fiction literature.