Exploring the Chinese DDoS landscape

Friday 4 October 14:30 - 15:00, Small talks

Nacho Sanmillan (Intezer)

Distributed denial-of-service attacks were on the rise in 2018, ranging from a high volume of Mirai attacks to more sophisticated botnets targeting enterprises. Chinese threat actors in particular have predominantly deployed DDoS attacks in their cyber campaigns, and China has emerged as having one of the highest rates of DDoS attacks.

During this presentation, Intezer researcher Nacho Sanmillan will provide an overview of the Chinese DDoS landscape and discuss the current state of ChinaZ, a threat actor group notorious for targeting Windows and Linux systems with botnets since November 2014. He will also provide context into Nitol, a malware family with alleged Chinese origins and a prominent player in the DDoS ecosystem. Nacho will present the various methods employed to discover ChinaZ and Nitol's servers and analyse code reuse relationships with groups such as MrBlack and Iron Tiger APT.




Nacho Sanmillan

Nacho is a security researcher specializing in reverse engineering and malware analysis. Nacho plays a key role in Intezer's malware hunting and investigation operations, analysing and documenting new undetected threats. Some of his latest research involves detecting new Linux malware and finding links between different threat actors. Nacho is an adept ELF researcher, having written numerous papers and conducted projects implementing state-of-the-art obfuscation and anti-analysis techniques in the ELF file format.


   Read paper    Watch video

Back to VB2019 Programme page

Other VB2019 papers

For reserve paper

Reserve speaker (TBA)

APT cases exploiting vulnerabilities in region-specific software

Shusei Tomonaga (JPCERT/CC)
Tomoaki Tani (JPCERT/CC)
Hiroshi Soeda (JPCERT/CC)
Wataru Takahashi (JPCERT/CC)

Exploring the Chinese DDoS landscape

Nacho Sanmillan (Intezer)

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.