
Governments As Malware Authors - Mikko Hypponen at Black Hat 2014

Governments As Malware Authors - The Next Generation

Talk delivered by Mikko Hypponen at Black Hat USA 2014


  1. Different governmental uses for malware
     • Law Enforcement
     • Espionage
     • Surveillance
     • Sabotage
     • Warfare
  2. Protecting the irreplaceable | f-secure.com
  3. CosmicDuke
  4. Masking "file.scr"
  5. • rcs.Заказ.doc
     • rcs.18.jpg
     • rcs.DSC_1365527283.jpg
     CVE-2011-0611
  6. CosmicDuke remnants
     • c:\botgenstudio\generations\8f1777b0\bin\Bot.pdb
     • d:\production\nitro\sva\generations\809113dd\bin\Bot.pdb
     • d:\sva\nitro\botgenstudio\interface\generations\80ddfcc1\bin\Bot.pdb
     • D:\PRODUCTION\NITRO\KSK\Generations\70BCDEA1\bin\Bot.pdb
     • C:\Projects\NEMESIS\nemesis-gemina\nemesis\bin\carriers\ezlzma_x86_exe.pdb
  7. Havex
  8. Agent.BTZ / Turla / Snake / Uroburos
  9. Turla
     Agent.BTZ
  10. Developer Signatures
      $Id: event.c 14097 2010-11-01 14:46:27Z gilg$
      $Id: mime64.c 12892 2010-06-24 14:31:59Z vlad$
      $Id: named_mutex.c 15594 2011-03-18 08:04:09Z gilg$
      $Id: nt.c 20719 2012-12-05 12:31:20Z gilg$
      $Id: ntsystem.c 19662 2012-07-09 13:17:17Z gilg$
      $Id: snake_config.c 5204 2007-01-04 10:28:19Z vlad$
  11. 6es7-315-2 / 6es7-417
  12. Protecting the irreplaceable | f-secure.com
  13. "There was also some music playing randomly on several of the workstations during the middle of the night with the volume maxed out. I believe it was the american band acdc thunderstruck. It was all very strange and happened very quickly. the attackers also managed to gain root access to the machine they entered from and removed all the logs."
  14. Gauss encryption
          mov ecx, (LENGTHOF tToCrypt)-1
          mov edx, OFFSET tToCrypt
          mov ebx, OFFSET tEncrypt
      L1:
          mov eax, [edx]
          XOR eax, ACDC
          not eax
          mov [ebx], eax
          inc edx
          inc EBX
          LOOP L1
          mov edx, OFFSET tOutEncr
          call WriteString
          mov edx, OFFSET tEncrypt
          call WriteString
          call Crlf
          ret
  15. FinFly
  16. UAE, Bahrain, Saudi Arabia, Syria…
      • Finfisher (Gamma)
      • RCS (HackingTeam)
      • DarkComet
      • BlackShades
      • XtremeRAT
      • Spynet
  17. Image Source: When Governments Hack Opponents: A Look at Actors and Technology, Citizen Lab + ICSI
  18. Hacker Units inside UKUSA intelligence agencies
      JTRIG
  19. THE EYES
      • FIVE EYES: USA, UK, Canada, Australia, New Zealand
      • NINE EYES: Five Eyes + Denmark, Norway, The Netherlands and France
      • FOURTEEN EYES: Nine Eyes + Sweden, Germany, Belgium, Italy and Spain
  20. • freebrokep
      FREE Peter Sunde
  21. Geneva Convention
      "Legitimate military targets are limited to those objects which by their nature make an effective contribution to military action and whose total or partial destruction, capture or neutralization, in the circumstances ruling at the time, offers a definite military advantage"
  22. Please fill your feedback form if you have nice things to say. Otherwise, nevermind.
      Thank You
