Supply Chain Attack Through CCleaner - Evidence Aurora Operation Still Active

Offered By: Security BSides San Francisco via YouTube

Course Description

Overview

Explore the intricacies of a sophisticated supply chain attack through CCleaner in this 27-minute conference talk from BSidesSF 2018. Delve into the details of how hackers compromised millions of accounts, targeting specific telecom equipment companies in the United States, Japan, South Korea, and Taiwan. Examine the evidence suggesting the involvement of APT17, also known as Operation Aurora, and their specialized tactics in supply chain attacks. Analyze the complexity and quality of the CCleaner attack, including the unique implementation of base64 encoding and its connection to previous APT17 operations. Gain insights into the stages of the attack, code reuse detection, and the implications of state-sponsored cyber operations. Learn key takeaways about supply chain vulnerabilities and the ongoing threat landscape in this informative presentation by Itai Tevet.

Syllabus

Intro
ABOUT ME
TOPICS OF DISCUSSION
WHAT IS A SUPPLY CHAIN ATTACK?
RESULT OF SUPPLY CHAIN ATTACK
CASE STUDY: CCLEANER SUPPLY CHAIN ATTACK
CCLEANER ATTACKER OVERVIEW
TARGETS AND EFFECTIVENESS
CODE REUSE DETECTION
WHAT DO WE KNOW ABOUT APT 17?
STAGE 1 - CODE REUSE
CODE EXAMPLES
STAGE 2 - CODE REUSE
KEY TAKEAWAYS


Taught by

Security BSides San Francisco
