King of the hill: nation-state counterintelligence for victim deconfliction

Friday 4 October 14:30 - 15:00, Green room

Juan Andres Guerrero-Saade (Chronicle)

Cyber situational awareness is the ultimate outcome of mature threat intelligence. Though we normally think of threat intelligence as a defender’s practice, extensive study of advanced cyberespionage operations reveals that attackers are engaged in a similar activity. Defenders apply threat intelligence insights to ensure that attackers don’t gain persistent access to their enterprise machines. Similarly, attackers monitor for the presence of other threat actors to ensure that they’re the sole owners of a given victim box. While allied organizations engage in a bureaucratic process of victim deconfliction, it turns out that adversarial organizations have turned to embedding anti-virus-like techniques into their malware in order to do the same. This paper will focus on in-the-wild examples of these techniques and provide a conceptual framework for understanding adversarial deconfliction and its ramifications.




Juan Andrés Guerrero-Saade

Juan Andrés is Research Tsar at Chronicle, tracking cyberespionage groups. Prior to joining Chronicle, he was Principal Security Researcher at Kaspersky's GReAT team, focusing on targeted attacks, and worked as Senior Cybersecurity and National Security Advisor to the Government of Ecuador. Juan Andrés comes from a background of specialized research in philosophical logic. His publications include 'The Ethics and Perils of APT Research: An Unexpected Transition Into Intelligence Brokerage', 'Wave your False Flags! Deception Tactics Muddying Attribution in Targeted Attacks’, and 'Walking in your Enemy's Shadow: When Fourth-Party Collection Becomes Attribution Hell''


   Read paper    Watch video

Back to VB2019 Programme page

Other VB2019 papers

VB2019 opening address

Martijn Grooten (Virus Bulletin)

Static analysis methods for detection of Microsoft Office exploits

Chintan Shah (McAfee)

A study of Machete cyber espionage operations in Latin America

Veronica Valeros (Czech Technical University in Prague)
Maria Rigaki (Czech Technical University in Prague)
Kamila Babayeva (Czech Technical University in Prague)
Sebastian Garcia (Czech Technical University in Prague)

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.