analysis, APT, cyberespionage, cyberthreat, whitepaper

The Project Sauron APT

Posted by Samuel Alonso on

Key takeaways,

  • DNS keeps being an important protocol for exfiltration
  • Process Injection, Memory Persistence, no file trace in disk
  • Living of the land techniques to move laterally
  • They thwarted the attribution process not using twice the same threat infrastructure

https://securelist.com/files/2016/07/The-ProjectSauron-APT_research_KL.pdf

 

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s