How persistent is an APT? Battling Three Threat Actors in a Single Environment

  • Published: 19 Nov 2024
  • As seasoned incident responders, we help organizations eradicate and remediate threat actors on a daily basis. Yet, what happens when our efforts to neutralize one threat inadvertently collide with another? Imagine the scenario: you're on the verge of thwarting a financially motivated threat actor, only to discover that your actions disrupted the operations of a Chinese state-sponsored adversary. And just as you prepare to execute a kill-switch operation against the first, a second Chinese APT emerges, throwing a wrench into your carefully laid plans. In this presentation, we delve into the intricacies of combating multiple threat actors concurrently. Drawing from real-world experiences, we offer a firsthand account of the cat-and-mouse game that unfolds between incident responders and their adversaries. We'll uncover the tactics employed by highly persistent threat actors in response to our remediation efforts. From adapting indicators of compromise (IOCs) to evading detection within networks, we'll shed light on the myriad challenges encountered. Join us as we share our lessons learned and strategies for combating state-sponsored threat actors.
    SANS DFIR Summit 2024
    Speakers:
    Oren Biderman, Incident Response Team Leader, Sygnia
    Amnon Kushnir, Director of Incident Response, Sygnia
    View upcoming Summits: www.sans.org/u/DuS
