More about HYDSEVEN adversary and cryptocurrency threat

Yoshihiro ISHIKAWA/LAC

Nowadays, with the growing interest in cryptocurrency (crypto assets), cyber-attacks targeting it are actively taking place. Schemes that steal cryptocurrency by directly compromising the infrastructure of the entities that handle it have pushed the reported damage to US$882 million, a huge amount of illegally stolen money that cannot be ignored in the history of the cyber security industry. Moreover, the attacks have kept occurring in 2019.

We will explain our published research*1 on the malware used by "HYDSEVEN", the cyber adversary group allegedly behind this threat, which is under investigation in connection with several attacks and incidents reported since 2016. The report describes the group's intrusion methods (the use of a downloader, a fake software installer, exploitation of vulnerabilities and several VBA macro tricks) through to the end game, which uses RAT variants of custom NetWire and Ekoms (Mokes) malware, and summarizes the TTP (Tools, Techniques, and Procedures) that can be used to identify this adversary group.

In this presentation, we will disclose new material that is not covered in our published report.

November 7 at 10:30 - 11:00, Stage A

Yoshihiro Ishikawa is a member of the Cyber Emergency Center of LAC. He has been engaged in malware analysis and cyber threat intelligence, especially on Advanced Persistent Threat (APT) attacks.
He was a speaker at Botconf, HITCON and APCERT.
He is also currently a Program Committee member of the Japan Security Analyst Conference hosted by JPCERT/CC in Japan.