S1E02: Cafe Bohannon
State of the Hack - A podcast by Mandiant
Categorie:
“Activity Round-up”: This week, we talk about new techniques being used by Iran's "MuddyWater" (TEMP.Zagros) and Vietnam's APT32. We discuss our Mandiant response efforts into large Chinese espionage campaigns that have picked up in the past year, highlighting both APT20 targeting of service providers and some fresh TEMP.Periscope activity at many clients. “What to Expect When You’re Resetting”: We describe several approaches and challenges with mid-breach enterprise password resets - and the results of Christopher’s polls on your experiences. “Cafe Bohannon”: We close with a chat with Daniel Bohannon (@danielhbohannon) about good coffee, "tasteful obfuscation," and preview of DBO's upcoming Black Hat Asia 2018 research & tool releasing next week. Referenced material: • MuddyWater blog post: https://www.fireeye.com/blog/threat-research/2018/03/iranian-threat-group-updates-ttps-in-spear-phishing-campaign.html • One of the APT32 backdoors, using DLL sideloading (from ESET): https://www.welivesecurity.com/2018/03/13/oceanlotus-ships-new-backdoor/ • Chinese aligned cyber espionage activity from TEMP.Periscope: https://www.fireeye.com/blog/threat-research/2018/03/suspected-chinese-espionage-group-targeting-maritime-and-engineering-industries.html State of the Hack is FireEye’s monthly live broadcast series, hosted by Christopher Glyer (@cglyer) and Nick Carr (@itsreallynick), that discusses the latest in information security, cyber espionage, attack trends, and tales from the front lines of responding to targeted intrusions.