Operation Orca - a cyber espionage diving in the ocean for at least six years

Thursday 5 October 09:30 - 10:00, Red room

Chia-Ching Fang (Trend Micro)
Shih-Hao Weng (Trend Micro)

An APT attack is often just the tip of the iceberg - researchers have to dive as deeply as possible in order to paint the whole picture. In 2011, a Japanese heavy industry firm, which is also one of the biggest defence contractors in Japan, disclosed that it had been the target of APT attackers.

Six years have now passed, during which time we have been investigating and tracking the group, and we believe that this APT group is still active. Furthermore, the group's main targets are not only in Japan, but also in Korea, India and Russia. The high-value intelligence it seeks is defence-related.

In this talk, we will discuss how the group penetrates its targets and how it keeps enhancing its malware to avoid detection. We will also demonstrate how victims are controlled and the tools used to control them. Moreover, we will describe the evolution of the group's RAT and its C&C communication protocols, and how these provide a covert channel for evading network security devices.

This presentation will cover the following:

  • The background of Operation Orca.
  • The technologies used in Operation Orca.
  • Victims and disaster assessment.
  • The attribution of Operation Orca.
  • Countermeasures against Orca.

We will share our knowledge of this cutting-edge APT with attendees, and explore the skills and tools that the threat actors adopt. Attendees will leave with a suitable defence strategy against Orca.

Chia-Ching Fang

Chia-Ching Fang is a threat researcher at Trend Micro. He has over 12 years of experience in malware analysis, malicious document analysis, and vulnerability assessment. His current research focuses on targeted attacks and threat intelligence.

Shih-Hao Weng

Shih-Hao Weng is a senior threat researcher at Trend Micro. He has focused on targeted attack investigation, incident response, and threat solution research for more than 15 years.
