Abstract

Friday 2 October 14:30 - 15:00, Green room

Yaniv Balmas (Check Point Software Technologies)
Shahar Tal (Check Point Software Technologies)
Ron Davidson (Check Point Software Technologies)

APT campaigns are typically described with awe surrounding technical achievements enabled by the level of resources and capacity conceivably available to nation-state governments and intelligence agencies alone, often dubbed APT groups. These reports contribute to the perception of a very high technological barrier-to-entry to the advanced targeted campaign 'market'.

This talk will present in detail our investigation of a carefully orchestrated targeted campaign that had been active since 2012 until interrupted by our Threat Research operation in 2015. This attacker group was observed employing several attack techniques, exploiting vulnerabilities and notably operating a custom-made malware implant codenamed Explosive.

As the investigation unfolded, our researchers collected evidence of this campaign successfully infiltrating many organizations, with a target distribution strongly aligned with a nation-state/political group interest.

A closer inspection of this never-before-seen malware took our researchers by surprise. Expecting a technical masterpiece of well-trained secret agents and world-class cryptographers, Explosive turned out to be the creation of mere mortal developers with an astute persistency and determination. Despite the unremarkable technical nature of the implant, the attackers had near-flawless success in gathering intelligence while remaining covert and undetected by common security solutions.

We unravel the campaign one technical feature at a time, using the opportunity to educate the audience, debunking common malware myths, ultimately detailing our attribution of the attacker group.