
Why Nation-State Malwares Target Telco Networks: Dissection Technical Capabilities of Regin and Its Counterparts

Formal Metadata

Title
Why Nation-State Malwares Target Telco Networks: Dissection Technical Capabilities of Regin and Its Counterparts
Alternative Title
Why nation-state malwares target Telco Networks: Regin and its counterparts
22
Number of Parts
29
License
CC Attribution 3.0 Germany:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Content Metadata

Abstract
Recent malware-analysis research suggests that state actors allegedly run cyber-espionage campaigns against GSM networks. Analysis of state-sponsored malware such as Flame, Duqu, Uroburos and Regin revealed that these frameworks were designed to sustain long-term intelligence-gathering operations while staying under the radar. Antivirus companies did a great job of revealing the technical details of these campaigns; however, they have focused almost exclusively on the executables or on memory dumps of infected systems, and the research has not been replicated in a real environment. In this talk, we break down the stages of the Regin framework from a reverse-engineering perspective (the kernel-driver infection scheme, the virtual file system and its encryption scheme, and the kernel-mode manager) while analyzing its behaviour on a GSM network and comparing it technically with its counterparts, such as TDL4, Uroburos and Duqu2.