[CyCraft] Tracking BlackTech Activities - Attacks to What You Trust and Blind Your Defense presented at CODEBLUE2020 2020

by Shih-min, Chan

Summary: BlackTech is currently one of the more dangerous cyber espionage groups that continues to evolve and expand its attacks on East Asian targets. As a key player on the cyber defense forefront, we have been monitoring BlackTech's attack campaigns continuously, especially attacks in the government sector and critical infra. In this presentation, we will share our threat hunting methods and investigation experience of two cases conducted by BlackTech during the past two years: Compromised Outsourcer and DLP System Hijacking. These studies show that BlackTech tends to specifically target the enterprise's trusted entities, including supply chain software and service vendors.