This year, Black Hat Asia is held online and in-person, May 9-12, 2023 in Singapore Time (UTC+8). Yue-Tien Chen and Zih-Cing Liao, cyber threat intelligence researchers from TeamT5, will give a talk on the topic “Operation Clairvoyance: How APT Groups Spy on the Media Industry”.
According to TeamT5’s long-term research, cyber espionage actors have demonstrated great interest in the media industry. These actors seem to like to see Taiwan's daily activities through the "eyes" of these media companies and journalists. During Taiwan's intense 2022, TeamT5 saw more and more advanced persistent threat (APT) groups infiltrate Taiwan's media industry. In our observation, the media has become the first non-government target of those APT groups.
This talk will focus on APT groups' targeted attacks against media companies in Taiwan. We dubbed this series of attacks "Operation Clairvoyance." Because Taiwan's political situation has been much more intense, with events such as the former US House Speaker Nancy Pelosi's visit and the 2022 Local Election, we will dissect more than 20 targeted attack operations TeamT5 has tracked since 2020. Our analysis shows technical links between these targeted attacks and notorious Chinese APT groups, including APT23 (aka GouShe), APT41 (aka Winnti, Amoeba), and BlackTech (aka Huapi).
TeamT5 researchers’ presentation will cover these attacks' tactics, techniques and procedures (TTPs). We have seen those APT groups adopt different TTPs aimed at media companies. Some of their backdoors abuse cloud services as their C2.
More importantly, these cases gave us a peek into China's strategic move. We believe that these APT attacks are the preliminary work of the Chinese government. Also, our strategic intelligence indicates several possible scenarios which could lead us to consider the ultimate goal of these APT attacks.
By sharing this talk at Black Hat Asia, TeamT5 hopes more people and organizations will become aware of this topic.
About Black Hat Asia
Black Hat is the world-leading cybersecurity event, and remains the best and biggest event of its kind. It provides attendees with cutting-edge security research, development and trends, and has the ability to define tomorrow’s information security landscape. Black Hat Asia is a Black Hat extended event which is held in Singapore annually.