Mobile APTs: A look at nation-state attacks and techniques

DerbyCon 7.0 - Legacy

Presented by: Michael Flossman
Date: Saturday September 23, 2017
Time: 17:00 - 17:25
Location: Stable Talks

Michael Flossman - Mobile APTs: A look at nation-state attacks and techniques for gathering intelligence from military and civilian devices

As we increasingly rely on mobile devices to create, access, and modify sensitive information, sophisticated nation-state actors such as Russia, Israel, and the U.S. are being forced to expand their traditionally desktop-focussed toolsets to now include a mobile surveillanceware capability. This talk will dive into mobile APTs, the nation-state actors leveraging them, and the commonalities and differentiators they share. We will specifically discuss the families ViperRAT and FrozenCell, two bespoke Android surveillanceware tools. One is being deployed against Palestinian individuals and organizations in conjunction with a desktop component, while the other has been seen in targeted attacks against Israeli Defense Forces personnel. Our unique insight into attacker infrastructure allows us to see how widely deployed these tools are and what information has been exfiltrated from compromised devices. The internals of these tools, their capabilities, command and control infrastructure, and their ability to successfully retrieve intelligence from compromised devices will be presented.

Michael Flossman

Michael is a security analyst at Lookout where he works on reverse engineering sophisticated mobile threats while tracking their evolution, the campaigns they are used in, and the actors behind them. He has hands-on experience in vulnerability research, incident response, security assessments, pen-testing, reverse engineering and the prototyping of automated analysis solutions. When not analyzing malware there’s a good chance he’s off snowboarding, diving, or looking for flaws in popular mobile apps.

