Tactics, Techniques, and Procedures of the World’s Most Dangerous Attackers presented at BlueHatIL 2020

by Robert Lipovsky

URL: https://youtu.be/9LAFV6XDctY

Summary: In recent years, we have analyzed some of the most significant cyberattacks in history. In this presentation we'll go over the most interesting tactics, techniques, and procedures of the adversaries behind them. Specifically, we'll analyze the TTPs of Sednit (a.k.a. APT28), the group reportedly responsible for the Democratic National Committee hack that affected the US 2016 elections. The most notable addition to their arsenal is a UEFI rootkit used to achieve persistence on victimized systems. Dubbed LoJax, it is the first UEFI rootkit found in the wild. We'll analyze how it works and share the story of its discovery. The second group we'll focus on is Telebots (a.k.a. Sandworm), the group behind the first malware-driven electricity blackouts (BlackEnergy and Industroyer) and the most damaging cyberattack ever (NotPetya). We'll recap these infamous attacks, but also discuss the group's more recent activities. The discussed TTPs will be mapped to the MITRE ATT&CK taxonomy, and we will share some lessons learned from analyzing these attacks that are useful in strengthening the security posture of your organization.