Thrip, a China-linked cyber espionage group, was discovered breaching the systems of satellite operators, telecommunications companies and defense contractors located in the United States and Southeast Asia. Our presentation will discuss the methods analysts used to identify and attribute the activity, covering an eight-month campaign. Specifically, our latest research identified the group in an aggressive campaign using custom-developed malware in conjunction with legitimate administration tools and resources present in the victim’s environment. This presentation will tell the story of how Symantec analysts identified the advanced attacker, detailing the motivations, tactics and profile of an elite espionage group.
Jon DiMaggio is a Senior Threat Intelligence Analyst at Symantec with the Security Response group and has over 14 years of experience in hunting and attributing Advanced Persistent Threats (APTs), specializing in cyber espionage and organized targeted cybercrime. He is a recognized leader in the cyber industry and has authored several published white papers and many blogs on previously unknown cyber espionage attackers. Jon has conducted numerous speaking engagements, including various closed-door law enforcement and US government-related conferences. Jon has been looked to as a subject matter expert and has detailed much of Symantec's research with global news organizations such as Fox, CNN, Reuters, Forbes, Dark Reading and many more.