Who Did It - How We Attributed Campaigns of a Cyber Mercenary
Offered By: Black Hat via YouTube
Course Description
Overview
Explore a detailed investigation into the activities of a cyber mercenary known as Void Balaur in this 29-minute Black Hat conference talk. Uncover the actor's underground forum presence and examine their campaigns spanning from 2016 to 2021. Dive into pivoting methods, phishing techniques, and pricing structures for email hacking services. Analyze the mercenary's targeting patterns, including over 3000 targets worldwide and notable incidents in Uzbekistan. Compare Void Balaur's operations with those of Pawn Storm and examine their strategic targeting approach. Gain insights into the actor's working hours and days, and consider the effectiveness of current defenses against such cyber threats. Learn how attribution techniques were applied to unmask this elusive cyber mercenary operating without a public presence.
Syllabus
Intro
Imagine an investigative journalist
Indicators phishing campaign 2020
Pivoting Methods
General Phishing?
Business Aviation?
Rocket Hack
Prices e-mail hacking
Motto Void Balaur
Monitoring and patiently waiting
Enhanced monitoring
3000+ targets all over the world
Noteworthy targets
Uzbekistan incidents
Exact overlap with Pawn Storm
Comparing with Pawn Storm
Targeting of a big conglomerate
Void Balaur is worried
Strategic targeting
Working Hours of Void Balaur
Working Days
Defenses
Is this enough?
Taught by
Black Hat
Related Courses
Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security Chip (Black Hat via YouTube)
Attacks From a New Front Door in 4G & 5G Mobile Networks (Black Hat via YouTube)
AAD Joined Machines - The New Lateral Movement (Black Hat via YouTube)
Better Privacy Through Offense - How to Build a Privacy Red Team (Black Hat via YouTube)
Whip the Whisperer - Simulating Side Channel Leakage (Black Hat via YouTube)