Unmasking the Iranian APT COBALT MIRAGE

Published on Apr 3, 2023

SANS Cyber Threat Intelligence Summit 2023

Lina Lau, Principal Incident Response Consultant - APJ South, Secureworks

From operational security failures to a Department of Justice (DOJ) indictment, COBALT MIRAGE likes to blur the lines between espionage and revenue generation. This talk uncovers the tactics, techniques and procedures deployed by COBALT MIRAGE from incidents worked at Secureworks. It's not often white hats see operational security failures unmask the identity of the adversary and even rarer to see it reflected in a DOJ sentencing. Attendees will learn about the critical role of contractor organizations in Iranian APT groups, crossovers in tooling between APT groups, techniques leveraged by COBALT MIRAGE to compromise organisations, inconsistencies in techniques, and the use of post-exploitation ransomware to generate company-specific revenue. Attendees will walk away with a stronger understanding of Iranian APT motivations, organizational structure, and sophistication.

View upcoming Summits: http://www.sans.org/u/DuS
Download the presentation slides (SANS account required) at https://www.sans.org/u/1iaE
