Mathias Frank

Mathias is a Senior Incident Response Consultant at Mandiant and delivers emergency response services for clients facing security breaches. He specialises in providing enterprise-scale incident response operations for sophisticated network intrusions.
Mathias has led organisations and government bodies in responding to breaches by highly sophisticated adversaries such as nation-state sponsored espionage actors and cyber criminals aiming to extort or ransom victim organisations.


Session

02-11
14:30
30min
When diplomats send Beacon - A retrospective view of APT29 malicious phishing campaigns
Mathias Frank

In 2022, Mandiant identified spear-phishing activity targeting government entities, diplomatic missions, and international organizations in Europe and North America. The threat actors were using a variety of techniques and newly identified malware families that ultimately lead to disseminating BEACON malware payloads.

The extensive email phishing operations were performing covert cyber espionage, using CobaltStrike BEACON implant, which Mandiant publicly exposed in the blog “Trello From the Other Side: Tracking APT29 Phishing Campaigns” and attributed these campaigns to APT29; a Russian-nexus threat actor that’s also been attributed to the SolarWinds supply chain intrusions.

In this talk, Mathias will provide:
- A deeper overview of the various novel phishing campaigns they’ve observed since February 2021
- Any changes in APT29 phishing campaigns since the publication of findings in April 2022
- Showcase the malware utilized to gain a foothold into a victim's network.
- Provide recommendations for defenders to mitigate risks

Track 2 - Foxhunter