The Inception Framework: Cloud Based Targeted Attack Infrastructure presented at BSidesSLC 2015

by Waylon Grange

Summary: During the summer of 2014, we discovered a highly automated and extremely sophisticated framework for performing targeted attacks. In December we named it “Inception” —a reference to the 2010 movie about a thief who entered people’s dreams and stole secrets from their subconscious. Targets include individuals in strategic positions: executives in important businesses such as oil, finance and engineering, military officers, embassy personnel and government officials. Malware payloads designed for a wide array of potential devices, including PCs, home routers, and mobile devices running iOS, BlackBerry OS or Android, were also recovered during the course of our research. The operational security exhibited by the attackers is very good and suggests nation-state backing. Additionally, the attackers used multiple red herrings to throw off potential investigators and mask their true identity. Many of the indicators falsified by these attackers have been used as trusted information when attributing other known threats, which should call into question the legitimacy of such claims. This presentation will walk through the discovery and the processes we used to peel back the layers behind this sophisticated framework.