Operation SemiChimera

Explore an in-depth analysis of Operation SemiChimera, a series of advanced persistent threat (APT) attacks targeting the semiconductor industry, particularly in Taiwan. Delve into the tactics, techniques, and procedures used by the threat actors, their potential motivations, and the devastating impact of stolen intellectual property. Gain valuable insights into the current cybersecurity landscape of Taiwan's semiconductor sector and learn from the experiences of companies that have improved their defenses. Understand the challenges facing the industry and discover practical strategies to protect against similar attacks. This presentation, delivered by cybersecurity experts from Cycraft, offers crucial information for semiconductor companies and security professionals looking to enhance their threat intelligence and defensive capabilities.

Intro
C.K Chen @bletchley13
CyCraft in MITRE ATT&CK Evaluation
Outline
Cyberattack to semiconductor vendors
Group Chimera
Investigation Overview
Today's Case Study
Case A: Overview
Used Hosting Server for C2
Root Cause Analysis - PC-SHENNA
Remote Execution Tools
Root Cause Analysis - Server-LAUREN
NTDS.DIT Explanation
Root Cause Analysis - NB-CLAIR
Recon
Data Exfiltration
Powershell
Cyber Situation Graph
Archive Password
Leaked File Name
Actors' Digital Arsenal
Cobalt Strike Beacon
Cobalt Strike Components
Suspicious R-W-X Memory
Hybrid Payload: PE as Shellcode
Transfer Shellcode via Named Pipe
Mutated rar.exe
Forwarded Imports
Dumpert: Implementation
Impact of Skeletonkey Injector
Take Away - 2