APT28: Following bear tracks back to the cave
10-23, 17:45–18:15 (Europe/Luxembourg), Europe - Main Room

In May 2024, NATO publicly condemned cyber espionage operations carried out by a Russian state-sponsored group against targets in Germany and Czechia. We track this group as ITG05, which overlaps with APT28, UAC-0028, Forest Blizzard and Fancy Bear. In addition to Germany and Czechia, a large number of NATO member states as well as Ukraine have been subject to long-term intelligence-gathering missions executed by ITG05. ITG05 is also linked to the hack of the German Bundestag in 2015 as well as the attacks targeting the 2016 US presidential elections.

In this talk we will cover all aspects of ITG05's most recent campaigns, carefully following the timeline of evolving TTPs resulting from shifts in priorities and resources. The most recent lures are indicative of high-profile targets across the globe, and the continuous improvement of malware deployment and capabilities is evidence of the significant threat posed by ITG05. The audience will experience an in-depth analysis tracing malware such as Headlace, Masepie and Oceanmap back to its origins. Finally, we will take a quick peek into the crystal ball and discuss what the future might hold.

Golo is a malware reverse engineer and threat researcher with IBM X-Force, where he spends his time digging into the dark arts of cybercrime. With a passion for tracking threats, he has developed expertise in analyzing and reporting on a wide variety of maliciousness, ranging from banking trojans and botnets to high-profile ransomware and nation-state actors. He is dedicated to sharing his research to help others stay ahead of emerging threats.