How persistent is an APT? Battling Three Threat Actors in a Single Environment

Thu, 27 Jun 2024 @ 11:30:00

As seasoned incident responders we help organizations eradicate and remediate threat actors on a daily basis. Yet, what happens when our efforts to neutralize one threat inadvertently collide with another? Imagine the scenario: you’re on the verge of thwarting a financially motivated threat actor, only to discover that your actions disrupted the operations of a Chinese state-sponsored adversary. And just as you prepare to execute a kill-switch operation against the first, a second Chinese APT emerges, throwing a wrench into your carefully laid plans. In this presentation, we delve into the intricacies of combating multiple threat actors concurrently. Drawing from real-world experiences, we offer a firsthand account of the cat-and-mouse game that unfolds between incident responders and their adversaries. We’ll uncover the tactics employed by highly persistent threat actors in response to our remediation efforts. From adapting indicators of compromise (IOCs) to evading detection within networks, we’ll shed light on the myriad challenges encountered. Join us as we share our lessons learned and strategies for combating state-sponsored threat actor.