Profile

Ashley Shen

Security Researcher at Cisco Talos

Chi-en Shen (Ashley) is a security researcher at Cisco Talos. She specializes in researching emerging threats, including nation-state targeted attacks, financially motivated crime, spyware, and exploitation carried out by mercenary groups. Previously, she worked as a security engineer at Google's Threat Analysis Group, where she focused on zero-day exploit hunting and tracking botnets. Prior to that, she was a member of the Mandiant Global Research Team, where she tracked APT groups in APAC and contributed to the development of the Threat Intelligence platform.

Passionate about supporting women in InfoSec, Ashley co-founded HITCON GIRLS, the first security community for women in Taiwan. Additionally, she serves as an organizer for Rhacklette, a security community for FINTA in Switzerland. To support the security community, Ashley serves as a review board member for the Black Hat Asia, Hack in the Box and HITCON conferences. She has also shared her expertise as a speaker at conferences such as Black Hat, Hack in the Box, HITCON, FIRST, CODE BLUE, Troopers, Confidence, RESET, and others. In her free time, she enjoys playing CTFs and travelling.

All Sessions

Day 1
May 9, 2024
11:30 am

Follow the Moonshine: Unravelling Poison Carp's Trail to a Chinese Mercenary's Arsenal

9 May
Time: 11:30 am - 12:00 pm
Location:
Speaker: Ashley Shen

As more attention is given to mercenary groups that offer exploits and surveillance capabilities to government clients, disclosures about organisations like NSO Group and Intellexa have exposed the comprehensive ecosystem that fuels government espionage through commercial surveillance tools. These insights highlight the spread of advanced spyware and provide crucial information for avoiding inaccuracies when constructing actor profiles. However, apart from the pivotal iSoon leak, information about Chinese mercenary companies remains scarce.

In this presentation, I will share my research on Poison Carp (aka Evil Eye), a Chinese espionage group disclosed by Citizen Lab and Lookout that used both Android and iOS exploits and implants to target Tibetan and Uyghur groups in a large-scale surveillance campaign. By tracking their malware and C2 infrastructure in the latest campaign, we were able to identify a significant tool that allows us to understand their exploitation approach and gain more insight into the attacker's operational workflow. Besides new tools, we also uncovered a Chinese mercenary group that likely sold tools to, or operated for, Poison Carp. We were also able to identify their arsenal and perform technical analysis on their tools.

This presentation will not only unveil our latest discoveries about the mercenary company but also share our strategic approach to pivoting and analysis. Additionally, I'll delve into the intriguing journey this research took me on, and disclose some of the rabbit holes with unresolved mysteries.