Profile

Aleksandar Milenkoski

Senior Threat Researcher at SentinelLabs

Aleksandar Milenkoski is a Senior Threat Researcher at SentinelLabs. With expertise in malware research and focus on targeted attacks, he brings a blend of practical and deep insights to the forefront of cyber threat intelligence. Aleksandar has a PhD in system security and is the author of numerous reports on cyberespionage and high-impact cybercriminal operations, conference talks, and peer-reviewed research papers. His research has won awards from SPEC, the Bavarian Foundation for Science, and the University of Würzburg.


Day 2
May 10, 2024
3:45 am

There’s more “Un” To This Story | The Details We Did Not Share

10 May
Time: 3:45 am - 4:15 am

In this talk, we reveal previously undisclosed details about several North Korean APT activities we have unearthed over the past months. Our objective is to enrich the accumulated intelligence on the North Korean cyber threat landscape within the community and contribute to a deeper understanding of the evolving tactics used by its constituent groups.

This presentation begins by revealing deceptive lateral movement tactics observed during our investigation into an intrusion at NPO Mashinostroyeniya, a Russian missile engineering firm. We then explore ScarCruft's testing grounds — a collection of malware recovered during the planning and testing phases of the group's development cycle, likely intended for future campaigns. We disclose here our insights into ScarCruft's infrastructure, malware implementation processes, and experimentation with staging and evasive techniques. In concluding the technical discussion, we share curious relationships to cryptocurrency scams, highlighting North Korea's evolving interest in the cryptocurrency industry.

During times of major shifts in North Korean foreign policy, the future trajectory of the country's cyber activities is uncertain. We conclude our presentation by speculating on potential changes in North Korea's cyber strategies and on their implications for threat intelligence collection and effective defense.