Webinar: Reverse Engineering Gamaredon’s Infrastructure
Webinar details
Date released: Monday 6 November 2023
Level: Intermediate
Duration: 30 mins (25 mins + 5 mins Q&A)
In this webinar, lead Threat Analyst, Inês Véstia, will be exploring Gamaredon’s use of wildcard A records, ASN providers and name servers to evade conventional detection methods that rely on IOCs linked to a single point in time.
The webinar will demonstrate how to track the underlying infrastructure that accommodates an attack – apex domains, ASNs, registrars, authoritative name servers etc. – and extrapolate correlative datasets that allow security teams to identify patterns in attacker behaviour – ASN and IP diversity data, naming conventions etc.
Access the webinar
This webinar can be accessed by filling out the form below. Due to the contents of this webinar, we manually approve each individual who requests access. This means you may have to wait up to 24 hours to receive your personal login code. Thank you for your understanding.
Background
Gamaredon – also known as Primitive Bear, Actinium or Shuckworm – are a Russian Advanced Persistent Threat (APT) group that has been active since at least 2013, historically across the US and the Indian Subcontinent, and more recently in Ukraine, including reported attacks on Western government entities.
Gamaredon are a highly belligerent threat group who deviate from the standard hit-and-run tactics used by other APT groups by propagating sustained attacks that are both heavily obfuscated and uniquely aggressive.