Christmas Hancitor Campaign

Recordings

https://www.youtube.com/watch?v=-N67xrL82L8&list=PL8N5HiRDvZ-dVdLNXf6kC3WDi8AWBS27g&index=8


Slides

/files/slides/001-07_AYSDBU - Artem Artemov_Christmas Hancitor Campaign.pdf


Abstract

Security teams are tasked with defending their organization from incoming attacks, but in rapidly changing environments, how can they stay ahead of threat actors?

During the height of the pandemic, almost all countries introduced restrictions, limiting many day-to-day activities. Many aspects of public life and work were put on hold. But that didn’t apply to hackers. As businesses moved to remote working, there was a surge in hacker activity targeting vulnerable VPN servers and publicly exposed RDP services.

We uncover the attacks carried out by Hancitor operators on a European company, revealing how we identified the attack, discovered the threat actor’s infrastructure and finally prevented an incident by interrupting the encryption of the organization’s systems and network. We share how Group-IB’s Threat Intel & Attribution team detected the attack as it took place and kicked out the threat actors before damage was done.

We reveal all the stages of hacker activity, from gaining initial access to lateral movement, along with the methods for investigating each stage and the hacker’s tools. We also share our top recommendations that teams can act on immediately to help prevent cyber threats.

Finally, and most importantly, we share how security teams can use timely and accurate threat intelligence to stay ahead of threat actors, identify attacks and prevent incidents from happening.

Artem Artemov

16 years in computer forensics. Former policeman. Conducted high-profile incident responses and investigations on Anunak/Carbanak, Buhtrap, Lurk, Cobalt, Fin7, and other groups worldwide. 100+ trainings and workshops for universities, law enforcement, and commercial companies.