Hold online for the first time due to the COVID-19 pandemic, on January 28, Japan Security Analyst Conference 2021 (JSAC2021), the annual cyber security conference hosted by JPCERT/CC, aimed to bring together security analysts and provide opportunities for them to share technical knowledge related to incident response and analysis.
TeamT5's CTO Charles Li and other Japanese researchers from ITOCHU Corporation, Macnica Networks, and Kaspersky, presented a joint speech on the topic of A41APT case - Analysis of the Stealth APT Campaign Threatening Japan. In this session, they introduced the A41APT targeted attack campaign that has been confirmed since March 2019. The attacker's infrastructure and the relevance of this attacker group's attribution to specific APT groups were also discussed.
As one of the 11 presenters out of 22 candidates, our cyber threat analyst Shui Lee and malware researcher Leon Chang spoke on the third track of the conference, unveiling a new Chinese APT group LuoYu, which hasn't yet been grouped by the public.
Shui and Leon presented their in-depth analysis of ReverseWindow.
According to their speech "LuoYu, the Eavesdropper Sneaking in Multiple Platforms", LuoYo's activity has been observed since 2014, targeting tech companies, media, educational institutions, and other industries in China, Hong Kong, Japan, South Korea, and Taiwan. This presentation focused on a detailed description on ReverseWindow. For more details, please read the full JSAC2021 Report by JPCERT/CC.
Cyber attacks occur on a daily basis, and its techniques have been constantly changing. Engineers who analyze and respond to them are required to improve their skills to keep up with the ever-changing techniques of cyber attacks. However, there are few occasions in Japan where techniques and knowledge of incident analysis and response are shared among engineers. Security analysts are expected to get together and exchange their technical expertise on incident handling to develop their strength against cyber attacks both individually and as a whole.
To achieve this goal, JPCERT/CC hosts Japan Security Analyst Conference (JSAC), the annual conference for exchanging technical information on cyber security incident analysis and response. In this conference, security analysts who handle security incidents on a daily basis are encouraged to share information with each other to deal with ever-evolving cyber attacks today and in the future.
More information on JSAC2021 event website.
*Image courtesy of JSAC2021