Distributed denial-of-service attacks were on the rise in 2018, ranging from a high volume of Mirai attacks to more sophisticated botnets targeting enterprises. Chinese threat actors in particular have predominantly deployed DDoS attacks in their cyber campaigns, and China has emerged as having one of the highest rates of DDoS attacks.
During this presentation, Intezer researcher Nacho Sanmillan will provide an overview of the Chinese DDoS landscape and discuss the current state of ChinaZ, a threat actor group notorious for targeting Windows and Linux systems with botnets since November 2014. He will also provide context into Nitol, a malware family with alleged Chinese origins and a prominent player in the DDoS ecosystem. Nacho will present the various methods employed to discover ChinaZ and Nitol's servers and analyse code reuse relationships with groups such as MrBlack and Iron Tiger APT.
Nacho is a security researcher specializing in reverse engineering and malware analysis. Nacho plays a key role in Intezer's malware hunting and investigation operations, analysing and documenting new undetected threats. Some of his latest research involves detecting new Linux malware and finding links between different threat actors. Nacho is an adept ELF researcher, having written numerous papers and conducted projects implementing state-of-the-art obfuscation and anti-analysis techniques in the ELF file format.