A vine climbing over the Great Firewall: a long-term attack against China

Wednesday 2 October 11:30 - 12:00, Red room

Lion Gu (Qi An Xin Threat Intelligence Center)
Bowen Pan (Qi An Xin Threat Intelligence Center)



In this talk, we will expose a little-known APT group, PoisonVine, and its long history of cyber espionage activity dating back 11 years. The group is keen on Chinese entities and aims to harvest political and military intelligence. Its targets include government agencies, military personnel, research institutes and maritime agencies. The group has successfully compromised multiple entities and was still active in 2018. We will introduce the group's campaigns in detail, including malware, vulnerabilities, infrastructure and TTPs. Furthermore, we will shed light on attack impact and actor attribution, made possible by mistakes the group made at the data exfiltration stage, when it stored all of the stolen data - including profiles of victim machines and sensitive documents - in cloud storage.


Lion Gu

Lion Gu is a security analyst in the Qi An Xin Threat Intelligence Center. He has been a security professional for over 15 years. He graduated with a B.A. in electrical engineering and holds several security certificates, including CISSP, CEH and CCNP. His interests cover all aspects of cybersecurity, in particular malware analysis, cybercrime in general, and web security. He is an active member of the local security community, where he helps businesses, academic institutions and governments to improve their security. He has presented at a number of security industry conferences, including Black Hat, RSA, AVAR, and CNCERT Annual. He was formerly part of Trend Micro's Forward-looking Threat Research Team.


Bowen Pan

Bowen Pan is a senior threat analyst at the Qi An Xin Threat Intelligence Center, with more than eight years' experience of working in security. Bowen spent several years researching mobile security and mobile threat analysis, and discovered and reported a rootkit-like malware on the Android platform named Poisoncake. Bowen now focuses on APT threat analysis and hunting, with particular interest in threat intelligence and other threat analysis principles. He spoke on the subject of "Leverage OSINT on APT group tracing" at the FIRST Regional Symposium Asia-Pacific forum in October 2018.


Back to VB2019 Programme page
