Presentations - Why nation-state malwares target Telco Networks: Dissecting technical capabilities of Regin and its counterparts

  • Location: Security Theater
  • Speaker: Omer Coskun
  • Date and time: 10. October 2015. 13:10 - 13:55

In this talk, we are going to break down the Regin framework stages from a reverse engineering perspective.

Recent malware analysis research suggests that state actors allegedly use cyber espionage campaigns against GSM networks. Analysis of state-sponsored malware such as Flame, Duqu, Uroburos and Regin revealed that these were designed to sustain long-term intelligence-gathering operations by remaining under the radar. Antivirus companies did a great job of revealing technical details of the attack campaigns; however, they have almost exclusively focused on the executables or the memory dumps of the infected systems - the research hasn't been simulated in a real environment.
 
In this talk, we are going to break down the Regin framework stages from a reverse engineering perspective (kernel driver infection scheme, virtual file system and its encryption scheme, kernel mode manager) while analyzing its behavior on a GSM network and making a technical comparison with its counterparts, such as TDL4, Uroburos and Duqu2.
