Shedding skin - Turla's fresh faces

Thursday 4 October 12:00 - 12:30, Green room

Kurt Baumgartner (Kaspersky Lab)
Mike Scott (Kaspersky Lab)



Turla is a long-standing and active APT that frequently sheds its skin and grows into something new. Known for a long-running, complex and innovative malware set and for satellite-based C&C communications, it is a sophisticated and capable group. Fairly recently, our research initiated projects that later examined Mosquito, Turla and WhiteBear activity, known for MiTM deployments on multiple continents and a complex payload. Late this summer, their unusual JavaScript-based KopiLuwak payload was spear-phished out against other geopolitical hotspots. Where it's hot, there is Turla. Let's examine these malware sets and intrusion techniques, compare them against others, and try to understand why or what will be shed next.

 

 


Kurt Baumgartner

@k_sec

 

 

 


Mike Scott

Mike Scott is a principal threat researcher on the Kaspersky Global Research & Analysis Team in the United States. Mike is responsible for discovering and tracking threat activity worldwide, including both criminal and advanced threat actors. Prior to joining Kaspersky, Mike had over 18 years' experience covering a range of areas in security, including network defence, incident response and forensics, and threat intelligence.

 
