Friday 30 September 2022, 09:00 - 09:30
THIS PRESENTATION WILL BE GIVEN REMOTELY
Shengbin Bao (Zhongfu Info)
DarkHotel is a suspected South Korean threat group that has targeted victims primarily in East Asia since at least 2004. The group's name is based on cyber espionage operations conducted via hotel Internet networks against travelling executives and other select guests. DarkHotel has also conducted spear-phishing campaigns and infected victims through peer-to-peer and file sharing networks.
During the past year we were able to hunt a new cluster of the group's activities in East Asia. We learned that the group upped its game and used a supply chain attack in East Asia. The highly targeted nature of this campaign and the assets the actors sought to obtain suggest that we witnessed a premeditated and well-orchestrated intelligence-gathering operation.
In this talk we will reveal some of the fine-grained details about the espionage story that underlies our investigation. Through analysis notes and the investigation timeline, we will focus on the novel malware TTPs in the group’s arsenal. Additionally, we will describe some of our unique and formerly unknown findings, and show the ATT&CK playbook of hunting and simulating DarkHotel’s attack.
Shengbin Bao (@BaoshengbinCumt) is a senior security researcher at Zhongfu Info's YuanHeng Lab, based in China. After previously working as a researcher in Trend Micro's malware research team and Qihoo 360's BAS (Breach & Attack Simulation) team, he now focuses mainly on threat hunting and BAS, digging up the stories behind the threats he hunts and profiling the actors responsible for them. Today he is tasked with breaking down implants and campaigns in the realm of APT and putting it all into intelligence reports for Zhongfu's customers. Shengbin has previously presented some of his work at security conferences including Kanxue, KCon and ISC.