Why Nation-State Malwares Target Telco Networks: Dissection Technical Capabilities of Regin and Its Counterparts

Zitieren

Zugehöriges Material

Hacktivity

Coskun, Omer

Formale Metadaten

Titel

Why Nation-State Malwares Target Telco Networks: Dissection Technical Capabilities of Regin and Its Counterparts

Alternativer Titel

Why nation-state malwares target Telco Networks: Regin and its counterparts

Serientitel

Hacktivity 2015

Teil

Anzahl der Teile

Autor

Coskun, Omer

Lizenz

CC-Namensnennung 3.0 Deutschland:
Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen.

Identifikatoren

10.5446/18849 (DOI)

Herausgeber

Hacktivity

Erscheinungsjahr

2015

Sprache

Englisch

Inhaltliche Metadaten

Fachgebiet

Informatik

Genre

Konferenz/Talk

Abstract

The recent research in malware analysis suggests state actors allegedly use cyber espionage campaigns against GSM networks. Analysis of state-sponsored malwares such as Flame, Duqu, Uruborus and the Regin revealed that these were designed to sustain long-term intelligence-gathering operations by remaining under the radar. Antivirus companies made a great job in revealing technical details of the attack campaigns, however, they have almost exclusively focused on the executables or the memory dump of the infected systems - the research hasn't been simulated in a real environment. In this talk, we are going to break down the Regin framework stages from a reverse engineering perspective - kernel driver infection scheme, virtual file system and its encryption scheme, kernel mode manager- while analyzing its behaviors on a GSM network and making technical comparison of its counterparts - such as TDL4, Uruborus, Duqu2.