Скачать или смотреть OBTS v8: “Hook, Line & Koi Stealer: New macOS Malware in DPRK Fake Job Interviews” A Gabay & D Frank

OBTS v8: “Hook, Line & Koi Stealer: New macOS Malware in DPRK Fake Job Interviews” A Gabay & D Frank

Скачать OBTS v8: “Hook, Line & Koi Stealer: New macOS Malware in DPRK Fake Job Interviews” A Gabay & D Frank бесплатно в качестве 4к (2к / 1080p)

У нас вы можете скачать бесплатно OBTS v8: “Hook, Line & Koi Stealer: New macOS Malware in DPRK Fake Job Interviews” A Gabay & D Frank или посмотреть видео с ютуба в максимальном доступном качестве.

Для скачивания выберите вариант из формы ниже:

Информация по загрузке:

Cкачать музыку OBTS v8: “Hook, Line & Koi Stealer: New macOS Malware in DPRK Fake Job Interviews” A Gabay & D Frank бесплатно в формате MP3:

Если иконки загрузки не отобразились, ПОЖАЛУЙСТА, НАЖМИТЕ ЗДЕСЬ или обновите страницу
Если у вас возникли трудности с загрузкой, пожалуйста, свяжитесь с нами по контактам, указанным в нижней части страницы.
Спасибо за использование сервиса video2dn.com

Описание к видео OBTS v8: “Hook, Line & Koi Stealer: New macOS Malware in DPRK Fake Job Interviews” A Gabay & D Frank

Slides: https://objectivebythesea.org/v8/talk...

Talk Description:
In this presentation, we share details of our investigation into nation-state activity linked to the DPRK, involving the use of fake job interviews. These operations impersonate legitimate recruiters from the tech industry to target software developers, particularly those working in the cryptocurrency sector.

During our investigation, we observed and analyzed various TTPs associated with DPRK-linked threat actors, but what stood out most was our discovery of a previously undocumented macOS malware strain that exhibits a range of sophisticated and unusual capabilities. This strain leverages AppleScript (osascript) for command execution and persistence, and maintains separate memory streams for command and control (C2) communication.

Up until this investigation, Koi Stealer had only been observed targeting the Windows operating system, and had not been linked to nation-state threat actors. We used several lines of evidence to link the macOS variant to its Windows counterpart, and to attribute the activity to DPRK-aligned threat actors:

TTP Correlation: The attack patterns align with known tactics, techniques, and procedures (TTPs) associated with North Korean groups, especially their use of social engineering through fake job offers to lure victims.

Code Similarity Analysis: We identified significant overlaps in code structure, encryption routines, and similar C2 communication between the new macOS variant and its Windows predecessor.

Infrastructure Pivoting: By tracing the C2 infrastructure, we were able to link the campaign to previously known North Korean operations, and to identify that one of the C2 servers was also being used by the Windows variant of Koi Stealer.

Speaker's Bio:
👤 Adva Gabay is the manager of the macOS research team for Cortex XDR, focusing on low-level research, coverage, and detection initiatives. Her experience includes low-level and network research across various operating systems, specializing in macOS, as well as reverse engineering and the development of research tools for these platforms.
/ adva-gabay

Daniel Frank is the manager of threat research at Palo Alto Networks, with over a decade of experience. His core roles include researching emerging threats, reverse-engineering malware, and threat hunting. Frank showcased his research in different cybersecurity conferences over the years. Frank has a BSc degree in information systems.
https://x.com/powdertoastcat

Support the Objective-See Foundation:
https://www.objective-see.org/
https://x.com/objective_see/
/ objective-see

Комментарии

Информация по комментариям в разработке