Strategic website compromises, also known as wateringhole attacks, have been hitting the news since at least 2009. Over time, multiple other APT groups have adopted this attack strategy, including the Equation Group, Animal Farm, LuckyMouse/Emissary Panda, WildNeutron, Turla, DarkHotel and C0d0so0 to name just a few.
However, the most interesting attacks have always come from unattributed APT groups, which are extremely cautious and keep a very low profile, or excel in OPSEC, allowing them to keep TTPs different enough so that each incident has only loose ties with previous ones, or no connections at all.
During recent months, we've been tracking a couple of advanced threat actors involved in strategic website compromises, with the group known as ScarCruft being one of them. In June 2016, we reported a zero-day exploit to Adobe, which was used by ScarCruft in a number of targeted attacks. In parallel, a connected operation used older exploits which targeted visitors to a number of strategic web resources related to nuclear research and to the Olympic Games in Rio.
The presentation will cover:
Costin G. Raiu
Costin specializes in analysing advanced persistent threats and high-level malware attacks. He leads the Global Research and Analysis Team (GReAT) at Kaspersky Lab that researched the inner workings of Stuxnet, Duqu, Flame, Careto and, more recently, Carbanak and the Equation group.
Costin has over 20 years of experience in developing anti-virus technologies and security research. He is a member of the Virus Bulletin Technical Advisory Board and a member of the Computer AntiVirus Researchers' Organization (CARO). Prior to joining Kaspersky Lab, Costin worked for GeCad as Chief Researcher within the RAV anti-virus division.
Costin joined Kaspersky Lab in 2000. Prior to becoming Director of the Global Research & Analysis Team in 2010, Costin held the position of Chief Security Expert, overseeing research efforts in the EEMEA region. Some of his hobbies include chess, high precision arithmetic, cryptography, chemistry, photography and science fiction literature.