In March 2023, we discovered a cyber attack campaign targeting Taiwanese government agencies. The campaign employed devious tactics such as tampering with legitimate websites to distribute malware, using URL obfuscation, and employing multi-stage loaders. In this session, we will first provide an overview of this attack campaign and share the results of our analysis of the malware used. Through this, the audience will be able to understand the latest attack cases targeting Taiwan. As a result of our investigation, we suspect that this attack campaign was orchestrated by a China-nexus attack group. We will discuss the specific evidence supporting this assumption and trace it back to past attack campaigns. Past campaigns include attacks that abused CVE-2022-30190, known as Follina, while it was still a zero-day. These studies enable an understanding of the attackers' motivations and the background of their attacks. This session will enable SOC analysts, IR team members, CSIRT personnel, and others to gain a deep understanding of the latest APT attack trends targeting East and South Asia, including Taiwan, that have not been reported so far, and to take concrete countermeasures.
Rintaro Koike is a security analyst at NTT Security Holdings. He is engaged in threat research and malware analysis. In addition, he is a founder of "nao_sec" and is in charge of its threat research. He focuses on APT attacks targeting East Asia and web-based attacks. He has been a speaker at HITCON, VB, SAS, Black Hat USA Arsenal, and others.
Shota Nakajima is a Senior Threat Intelligence Analyst at Cyber Defense Institute, Inc. He is engaged in threat research, malware analysis, and incident response. He also belongs to the non-profit cyber-security research team nao_sec, analyzing malware in the wild. He has spoken at domestic and international conferences such as JSAC, HITCON, and Black Hat Europe Arsenal.