Threat Hunting CrowdCast - WICKED PANDA in the mist
Thursday, December 6th @ 13:00 GMT
China has become the biggest state sponsor of cyber-attacks on the West, mounting attacks on commercial businesses, universities, government departments, think tanks and NGOs.
One of the most active adversaries in 2018 was the group known as 'WICKED PANDA', which can also be referred to as 'WICKED SPIDER'.
The use of two cryptonyms for this group exemplifies how this adversary has demonstrated two different motivations for conducting malicious cyber operations.
WICKED PANDA represents the targeted intrusion operations of the actor publicly known as "Winnti", whereas this group's financially motivated criminal activity is represented by the WICKED SPIDER moniker. Analysis of the tools and infrastructure linked to WICKED PANDA operations traces back to contractors who count multiple Chinese government agencies as clients, including the Ministry of Public Security. Observed targeting from the WICKED PANDA adversary has focused on entities in the engineering, manufacturing, and technology sectors. The actor makes use of a number of open source and custom tools to infect and move laterally in victim networks.
This is a technical session focused on this threat actor. We'll discuss in detail how it compromises networks and what you can do to detect and respond to its attacks.
Join this webcast to learn:
- The evolution of activity since 2010, from malware through to spear phishing, supply chain and web server exploitation in 2018
- Spotlight on notable malware such as WINNTI IMPLANT, PROXIP IMPLANT & RBDOOR
- Notable installation and post exploitation TTPs and how you can detect a potential intrusion
Speaker: Stuart Davis - Director of Incident Response, EMEA at CrowdStrike
Stuart Davis heads up the Incident Response team within Europe at CrowdStrike with responsibility for managing the IR process for cyber security incidents including forensic investigation/analysis, advanced incident handling, intelligence gathering, forensic research, and formal incident investigation.
He has been involved in Information Security Services for over 10 years. In this time, he has held a variety of roles including Enterprise Security Architecture, Security Consulting and Incident Response.
Before joining CrowdStrike, Stuart was involved in delivering security and incident response services with Mandiant (FireEye), X-Force IRIS (IBM) and McAfee (Foundstone).