Profile

Rufus Brown

Principal Threat Analyst at Mandiant

Rufus Brown is a Principal Threat Analyst and Technical Lead on Mandiant’s Advanced Practices team specializing in attribution and malware tradecraft. His joint research into APT41 was covered by national media outlets.

All Sessions

Day 1
May 9, 2024
3:40 pm

Don't Fall Asleep On This: Tracking a Global Espionage Campaign

9 May
Time: 3:40 pm - 4:10 pm
Speaker: Rufus Brown

The targeting of edge devices without EDR remains a common vector among particular threat actors. The targeting of these devices, alongside the deployment of sophisticated malware, zero-days, router botnets, and novel techniques, remains a significant challenge for defenders. Since 2021, a sophisticated Chinese state-sponsored threat actor has conducted a global campaign targeting vulnerable edge devices and embedding itself deep into target networks. Analysis of this campaign revealed a well-resourced actor who remains active today.

In this talk, we will take a set of known infrastructure attributed to this actor and walk through the analytical methodologies and pivots used to expand our knowledge and visibility over time. We will introduce faults in the tooling and methodologies used along the way and attempt to identify meaningful solutions. Attendees should walk away from this talk with a deeper understanding of the analytical methodologies and pivots used, of how to track the actor or similar clusters, and of the importance of maintaining visibility.