This year, Japan Security Analyst Conference 2024(JSAC2024) will be held on Jan. 25-26 with virtual & onsite talks. This annual cyber security conference hosted by JPCERT/CC, aimed to bring together security analysts and provide opportunities for them to share technical knowledge related to incident response and analysis.
TeamT5 will have one session during the event. Our CTI Researcher Yi-Chin Chuang and Yu-Tung Chang gave a speech on “Unveiling TeleBoyi: Chinese APT Group Targeting Critical Infrastructure Worldwide ''.
The speech introduces TeleBoyi, a Chinese-nexus APT that has not been disclosed previously. Based on our research findings, TeleBoyi shows a strong preference for targeting critical infrastructure, with a particular focus on the telecommunication sectors. The group has been active since at least 2014 and is currently still active. Their scope of targeting extends across numerous countries worldwide, including APAC, Americas, and Europe.
The presentation also covers TeleBoyi’s Tactic Techniques and Procedures (TTPs) including their new weapons such as DoubleShell, TripleZero, and FakeWorker. Moreover, the presentation discusses overlapping TTPs with other notorious APT groups including Amoeba (APT41), DirtyFuxi (Earth Berberoka), and FamousSparrow. As the activities by TeleBoyi have not yet been documented, we believe the techniques and tactics disclosed in this presentation can help blue teams prevent, detect, and respond to Teleboyi's attacks more efficiently and effectively.
About JSAC 2024
- Time: Jan. 25-26, 2024
- Venue: Ochanomizu Sora City Conference Center, Tokyo, Japan
Cyber attacks occur on a daily basis, and its techniques have been constantly changing. Engineers who analyze and respond to them are required to improve their skills to keep up with the ever-changing techniques of cyber attacks. However, there are few occasions in Japan where techniques and knowledge of incident analysis and response are shared among engineers. Security analysts are expected to get together and exchange their technical expertise on incident handling to develop their strength against cyber attacks both individually and as a whole.
To achieve this goal, JPCERT/CC hosts Japan Security Analyst Conference (JSAC), the annual conference for exchanging technical information on cyber security incident analysis and response. In this conference, security analysts who handle security incidents on a daily basis are encouraged to share information with each other to deal with ever-evolving cyber attacks today and in the future.
*Image courtesy of JSAC