STAR Webcast: xHunt - An Anime Fan's Attack Campaign in the Middle East

  • Wednesday, March 25th, 2020 at 10:30 AM EDT (14:30:00 UTC)
  • Katie Nickels, Brittany Barbehenn and Robert Falcone
This webcast has been archived.

Rundown

STAR Webcast Series hosted by Katie Nickels

Between May and June 2019, we observed previously unknown tools used in the targeting of transportation and shipping organizations based in Kuwait, all of which their developer named after characters of a popular anime series. These tools were previously unknown, and we had no connections to previous attack campaigns, so we began researching this threat activity to share our findings with the community. While pivoting to other related tools and infrastructure, we found another tool named after a weapon used in another anime series that was likely developed by the same individual. This additional tool is related to known attacks carried out in June and July of 2018 on government organizations in Kuwait. Our presentation will discuss this attack campaign and explore the pivots we made while performing this research, as well as the tools and TTPs used by the actors in this campaign and throughout 2019.

Speaker Bios

Katie Nickels

Katie is a SANS instructor for FOR578: Cyber Threat Intelligence and a Principal Intelligence Analyst for Red Canary. She has worked on cyber threat intelligence (CTI), network defense, and incident response for nearly a decade for the DoD, MITRE, Raytheon, and ManTech. Katie hails from a liberal arts background with degrees from Smith College and Georgetown University, embracing the power of applying liberal arts prowess to cybersecurity. With more than a dozen publications to her name, Katie has shared her expertise with presentations at BSidesLV, the FIRST CTI Symposium, multiple SANS Summits, Sp4rkcon, and many other events. Katie is also a member of the SANS CTI Summit and Threat Hunting Summit Advisory Boards. She was the 2018 recipient of the President's Award from the Women's Society of Cyberjutsu and serves as the Program Manager for the Cyberjutsu Girls Academy, which seeks to inspire young women to learn more about STEM. You can find Katie on Twitter @LiketheCoins

Brittany Barbehenn

Brittany is a Cyber Threat Intelligence Analyst with Palo Alto Networks' Unit 42 team. She is responsible for the collection, analysis, and production of intelligence on adversaries targeting organizations around the world. Her background spans over 10 years supporting many disciplines in both the private and public sectors including Cyber Threat Intelligence, Network Defense Architecture Engineering, Cyber Operations Planning, Business Continuity, IT Disaster Recovery, and Whole-of-Organization security assessments.

Robert Falcone

Robert is a Threat Researcher on Palo Alto Networks' Unit 42 team who has spent over 10 years focusing on malware analysis, reverse engineering, and tracking threat actors, primarily those associated with cyber espionage and targeted attacks. He has also worked as a security engineer within an operations center for a managed security service focused on intrusion detection and prevention.
