
Operation Clairvoyance: How APT Groups Spy on the Media Industry

2023-05-12, TeamT5
https://i.blackhat.com/Asia-23/AS-23-Chen-Operation-Clairvoyance-How-APT-Groups-Spy-on-the-Media-Industry.pdf
AS-23-Chen-Operation-Clairvoyance-How-APT-Groups-Spy-on-the-Media-Industry.pdf, 3.6 MB
#CloudDragon #Slides

Contents

Operation Clairvoyance:
How APT Groups Spy on the Media Industry
Yue-Tien Chen & Zih-Cing Liao

#BHASIA

@BlackHatEvents


About us

Yue-Tien Chen
• Threat Intelligence Researcher @ TeamT5
• Focus on APAC APT

Zih-Cing Liao (aka DuckLL)
• Sr. Threat Intelligence Researcher @ TeamT5
• Speaker of Conferences: Black Hat Asia, HITB, HITCON, CODE BLUE
• UCCU Hacker Core Member



Agenda
I. Introduction: Overview of APT attacks targeting media
II. Operation Clairvoyance: APT attacks targeting media in Taiwan
III. Case Study: Hacker's note
IV. Conclusion



Introduction:
Overview of APT attacks targeting media



Why APT Groups Spy on Media

Information Collection

Political Relationships

Information Operation



Security Issues in Media

Emails

Web Services
Social Media

Outdated Hardware and Software

Information Security Staff




APT attacks targeting media


CloudDragon
• Alias: Kimsuky

• Targeted Country: KR, JP, US
• TTP: Phishing, BabyShark, AFMail



Operation Clairvoyance:
APT attacks targeting media in Taiwan



What's special about Taiwan

Geopolitics

Elections

Semiconductor



U.S. House of Representatives Visit



Compromised Digital Billboard



Compromised YouTube Channel



Clairvoyance
千里眼


Timeline of cases targeting media in Taiwan

[Figure: timeline spanning 2019 to 2023 with the events President Election, Presidential Inauguration, Referendum and Joint Election marked. Entries are labelled A through H. Legend: Amoeba, Huapi, Goushe, SLIME50, SLIME51, yanghai, SLIME25.]

Timeline
ofD cases targeting
F
C
E …