Aleksandar Milenkoski and Julian-伪装与混乱——中国APTs玩勒索游戏的轨迹.pdf

《Aleksandar Milenkoski and Julian-伪装与混乱——中国APTs玩勒索游戏的轨迹.pdf》由会员分享，可在线阅读，更多相关《Aleksandar Milenkoski and Julian-伪装与混乱——中国APTs玩勒索游戏的轨迹.pdf（22页珍藏版）》请在三个皮匠报告上搜索。

1、Camouflage and ChaosDr.Aleksandar Milenkoski(SentinelLabs,SentinelOne)Julian-Ferdinand Vgele(Insikt Group,Recorded Future)On the Trail of Chinese APTs Playing the Ransomware GameAgendaWhy Would APTs Use Ransomware?What Is China Up To?(Chinese)APTs Use Ransomware.Now What?1/17State-ignoredState-condu

2、ctedWhy Would APTs Use Ransomware?FundraisingMoonlightingFinancial GainMandiant,2019CNN,20232/17DestabilizationCISA,2024Eroding trustDisruption3/17MisdirectionChinas Computer Virus Emergency Response Center(CVERC),2024Cover for espionageMisattributionPlausible deniability4/17Overarching BenefitsDese

3、nsitizationEvidence removalAre we really paying attention anymore?5/17What Is China Up To?Natto Thoughts,20246/17Case#1ChamelGang(CamoFei)The AIIMS(2022)The Presidency of Brazil(2022)DestabilizationBeaconLoader7/17Case#1(Cont.)8/17Case#1(Cont.)India Today,2020BBC,2020The Economist,20229/17Case#1(Con

4、t.)CyberScoop,202410/17Case#2DEV-0401(SLIME34,BRONZE STARLIGHT)Technology&machinery(2022)Financial gain/Misdirection11/17Case#2(Cont.)vx-underground,2022Microsoft,202212/17Case#3Unknown(China or DPRK nexus)Focus on manufacturing(2022)Financial gain/Misdirection13/17(Chinese)APTs Use Ransomware.Now W

5、hat?What Can We Expect From China?https:/ of the shared vendorsUsage scenarios14/17How Can We Keep Track of This?Custom malware+pivotable infrastructureCommodity malwareBurn-after-use infrastructureAPTs as ransomware affiliatesThis is a problemWe have had it pretty easy so farWhat have we missed so

6、far?15/17Times Are ChangingRansomware is only one part of a bigger pictureMicrosoft,2024What other state-sponsored APTs will join the party?16/17Handling“Cybercriminal”AttacksMissed intelligence opportunitiesNo/diminished situational awaren