Two Strategies for Supply Chain Attacks
Offered By: Hack In The Box Security Conference via YouTube
Course Description
Overview
Explore two strategies for supply chain attacks in this Hack In The Box Security Conference talk. Delve into the BARIUM APT group's tactics, techniques, and procedures (TTPs) used in various supply chain attacks, including the ASUS Operation ShadowHammer. Learn about the group's targeting of game and software development companies worldwide, their use of 'Winnti' and 'PlugX' malware, and the Korea Internet & Security Agency's analysis of related incidents. Discover how attackers compromise software development environments and update servers to execute these sophisticated attacks. Gain insights from experienced cybersecurity professionals on intrusion analysis, malware detection, and defensive strategies against supply chain threats. Examine multiple case studies, explore the ATT&CK Matrix, and understand the importance of securing software development and distribution processes.
Syllabus
Intro
What is a Supply Chain Attack?
ASUS Supply Chain Attack: Select Infection PC
ASUS Supply Chain Attack: TYPE - B
Case Study: Supply Chain Attack
Case A: Overview
Case B: Overview
Case B: PlugX malware
Case B: Select Infection PC
Case C: Overview
Case C: Hiding Attacker IP
Case C: Distribution Additional Malware
Case D: Overview Update server of
Case E: Overview
Case E: Hijacking account
Association Analysis: Select Infection PC
Association Analysis: Code Tampering
Association Analysis: ShadowPad
Association Analysis: PlugX Module
Association Analysis: Attacker IP
Attack Features and Strategies: ATT&CK Matrix
Defensive Strategy
Taught by
Hack In The Box Security Conference