In this week’s Security Ledger Podcast, Episode 80, we look at Advanced Persistent Threat (APT) actors three ways, with three different experts offering their take on the world’s most sophisticated hacking groups in Russia, North Korea and the Middle East.
Advanced Persistent Threats (APTs) are the most dreaded of online threats. They’re determined and well resourced. Rather than carry out ‘smash and grab’ operations, they lurk quietly for days, weeks, months or years: gathering intelligence on their targets and (maybe) stealthily making off with the most valuable bits of knowledge. Sure, APTs are rare – but the cost to your organization of an APT attack can be huge. And, in this era of nation-backed hacking, the spectre of APT groups looms over more than government agencies, the military and defense contractors.
In this week’s podcast, we’re going to look at three different APT groups: in Russia, North Korea and the Middle East. We invited three experts into our studios to help sort out what is going on with each.
In our first segment, we reprise our Spotlight Podcast conversation with Jon Condra of Flashpoint* about Russia’s re-evaluation of its “active measures” hacking in the US and Western Europe. Then, Juan Andres Guerrero-Saade (@juanandres_gs) of the firm Recorded Future updates us on the doings of the North Korean hacking cell known as Lazarus Group. In our final segment, Emily Miller of the firm Mocana reports back from last week’s S4 Conference in Miami on developments in the cases of Trisis, a family of malicious software that was found on safety and control systems at facilities in Saudi Arabia.
Part 1: Russia reconsiders
In our January Security Ledger Spotlight podcast, Jon Condra, the director of Asia Pacific Research at Flashpoint, talked about some of that company’s findings in its latest Business Risk Intelligence Decisions Report. In our first segment this week, we reprise that conversation to hear Jon talk about how geopolitical factors influence online operations by nation-backed Advanced Persistent Threat groups. To start off, I asked Jon to talk about one of the report’s more interesting claims: that Russia may be rethinking the wisdom of its online intelligence operations, given the repercussions, including tighter sanctions in the U.S.
Part 2: North Korea’s Lazarus Group Branches Out
In our second segment, we turn to a report the firm Recorded Future recently published on the doings of the North Korean hacking collective known as Lazarus Group, whose activities have included stepped-up attacks on cryptocurrency exchanges, the destructive WannaCry wiper attack in the UK and Western Europe, and attacks on students and civil society groups. Juan Andres Guerrero-Saade of Recorded Future, one of the co-authors of that report, joined us to talk about why Lazarus Group is suddenly interested in cryptocurrency exchanges, where North Korean hackers learn their trade and what the North Koreans might try in 2018.
Part 3: Understanding the TRISIS Attack
The 2018 S4 Conference recently wrapped up in Miami. It is one of the most prominent gatherings of experts in the cyber security of industrial control systems. In our final segment, we invited Emily Miller of the firm Mocana on to talk about one of the highlights of this year’s S4: a presentation on the recent TRISIS or TRITON attack, in which malware targeted a TRICONEX industrial control safety system at a facility in the Middle East. Miller said that one of the big disclosures was that TRISIS targeted a “zero day,” or previously unknown, vulnerability in TRICONEX safety controllers. The equipment is widely used in the industrial sector, Miller said. And, like much industrial equipment, safety controllers often suffer from improper security protections and configuration.
As always, you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloud. And, if you like our intro music, check out Blank and Kytt who recorded “RSPN,” the song we used in this podcast.
Editor’s Note: Flashpoint is a premium sponsor of The Security Ledger.