Lazarus APT vs Banking Sector: Combining CTI & DFIR to Investigate APT Intrusions
- Jess Garcia
- Tuesday, December 10th, 7:00pm - 8:00pm
The Lazarus APT Group, tied to the North Korean government, has been heavily targeting the banking sector worldwide during the last few years. Near 100 million dollars were stolen from the Bank of Bangladesh, which very close became 1 billion dollars, and several others followed. A little later, the whole Polish and Mexican banking sectors were targeted, only to be discovered 4 months later. Extensive Cyber Threat Intelligence was published in Open and Closed Sources about these incidents, allowing Incident Responders in the affected organizations to properly address the Threat, illustrating the key role that CTI plays in DFIR today. In this talk Jess Garcia, who was fighting some of these incidents in the trenches with his team at One eSecurity, will show you how to combine Cyber Threat Intelligence, Forensics and Malware Analysis to carry out an effective Incident Response in the context of an APT Incident.
Location: Ballsaal 1
Bonus Sessions
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
- Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
Tuesday, December 10
Session | Speaker | Time | Type |
---|---|---|---|
Higher Value Pentesting and Minimum Viable Methodologies | Chris Dale | Tuesday, December 10th, 6:00pm - 7:00pm | SANS@Night |
Lazarus APT vs Banking Sector: Combining CTI & DFIR to Investigate APT Intrusions | Jess Garcia | Tuesday, December 10th, 7:00pm - 8:00pm | SANS@Night |
5 Years of Applied CTI Discipline: Where Should Organisations Put Focus On? | Andreas Sfakianakis | Tuesday, December 10th, 8:00pm - 8:30pm | SANS@Night |
Wednesday, December 11
Session | Speaker | Time | Type |
---|---|---|---|
SANS Frankfurt Social Night | — | Wednesday, December 11th, 6:00pm - 8:00pm | Special Events |
Friday, December 13
Session | Speaker | Time | Type |
---|---|---|---|
SANS Frankfurt Xmas Jumper Day | — | Friday, December 13th, 9:00am - 5:00pm | Special Events |