In this talk we will trace the evolution of politically motivated targeted malware attacks in Asia (and diaspora groups related to Asia) over the past five years.
We have been tracking targeted attack campaigns against human rights groups, independent media organizations, and political parties in communities related to Hong Kong, China, and the Tibetan diaspora.
Through cluster analysis we identify a series of distinct attack campaigns grouped around common infrastructure, malware families, and social engineering. This analysis reveals overlap in targeting between groups from different communities and in some cases shows that the same attackers targeting civil society groups also target industry and government. We track these campaigns over time and monitor how attackers shift technical and social engineering tactics.
We conclude with a discussion of how targeted groups have used both technical and behavioural countermeasures in response to these attacks and what can be done going forward to better analyze and defend against these threats.