Conference:  Defcon 31

Authors: Mikko Hypponen Researcher, WithSecure

2023-08-01

Russia is the world’s largest country. I’ve lived all my life in Finland, about a hundred miles from the Russian border. Finland has learned to live next to a very large and very unpredictable neighbor. Both my grandfathers fought Russia in the second world war. Today, Finland ranks as one of the least corrupted countries in the world, while Russia ranks as one of the most corrupted countries. How is that even possible? As Russia has grown more aggressive over the last decade and as it violently attacked Ukraine, attitudes about neutrality changed quicky in my home country. When Finland joined NATO in April 2023, NATO more than doubled its land border with Russia – which is probably not what Putin had in mind. This talk will summarize the developments of the Russian cyber programs and about Russian patriotic hacker groups that got us into where we are today and makes educated guesses about where Russia will be headed next.

Conference:  Black Hat Asia 2023

Authors: Imran Saleem

2023-05-12

The talk is mainly driven by the cyber intelligence gathered in response to political shifts in the region. The core focus of the talk is to bring awareness, and reveal actionable intelligence to a larger set of audience, specifically operators to take solid measures to ensure they have cyber resilience when it comes to handling these nation-state attacks during conflicts. As the theme of the talk is cyber-attacks during conflicts, we will share a glimpse of intelligence that was captured during the US forces' withdrawal from Afghanistan. We will discuss the timeline of the US withdrawal and how these activities were directly reflected and seen on the global signalization. We will also share our intelligence gathered around the Russian and Ukraine conflict and how mobile networks were weaponized to inflict cyber war with a primary focus on nation-state activity led by Russian sources/identity holding various objectives (i.e hostile registration, location tracking and surveillance, SMS hijack, account takeover performing identity impersonation, identity spoofing via SS7 on link level and upper layers, and zero-day exploit techniques used in an attempt to bypass security control). These activities were supported by fuzzing looking to evade security defenses. Redacted network capture would be used to demonstrate the attack methodology. We will also walk through and provide evidence of how zero-day exploits on the global Signaling are incurring financial losses for mobile operators. The talk brings a unique perspective for mobile network operators on how revisiting their efforts in building a concrete cyber resilience security strategy can prevent operators from financial and reputational losses and prepare them for hybrid war.Please note that this will be a remote (virtual) presentation.