Michael Flossman - Mobile APTs: A look at nation-state attacks and techniques for gathering intelligence from military and civilian devices
As we increasingly rely on mobile devices to create, access, and modify sensitive information, sophisticated nation-state actors such as Russia, Israel, and the U.S. are being forced to expand their traditionally desktop-focussed toolsets to include a mobile surveillanceware capability. This talk will dive into mobile APTs, the nation-state actors leveraging them, and what these actors have in common and what sets them apart. We will specifically discuss the families ViperRAT and FrozenCell, two bespoke Android surveillanceware tools. One is being deployed against Palestinian individuals and organizations in conjunction with a desktop component, while the other has been seen in targeted attacks against Israeli Defense Forces personnel. Our unique insight into attacker infrastructure allows us to see how widely deployed these tools are and what information has been exfiltrated from compromised devices. The internals of these tools, their capabilities, command and control infrastructure, and their ability to successfully retrieve intelligence from compromised devices will be presented.