Assessing MH17-Themed Cyber Threats

July 30, 2014 • Matt Kodama

In our webinar today we assessed the aftermath of the MH17 tragedy from a threat intelligence perspective. Together with our guest Rich Barger, Chief Intelligence Officer of Cyber Squared Inc., we expanded on our previous assessment to address MH17-themed cyber threats by blending open source intelligence (OSINT) with network-derived intel – with a particular focus on NetTraveler.

As IT security experts have noted, it is highly predictable that any natural or man-made disaster that fixates popular attention will be exploited to create lures. The specific implementation could be phishbait in the form of a malicious email link or attachment, clickbait posted on social media that leads to a malware infection, or even targeted reconnaissance through a watering hole attack. The fundamental “vulnerability” is human nature: we care about the disaster event.

It was sadly predictable that the MH17 tragedy would be leveraged in this way, just like the MH370 tragedy before it. The threat intel question for defenders of a particular network is one of targeting and motivation. A few infected endpoints related to some ad-serving scam are a nuisance. A spearphishing email that fosters an advanced persistent threat (APT) in your network is an urgent incident.

Together with Rich, we looked at the MH17 aftermath from this perspective. We reviewed the relevant threat history and highlighted prior use of the NetTraveler malcode line, one to watch carefully for MH17-themed attacks. Rich enriched this discussion with infrastructure and CnC specifics developed using the ThreatConnect® Threat Intelligence Platform.

If you missed our webinar, you can still access the recording and find information about IOCs and CnC through ThreatConnect incident “20140722A: MH17 Black Boxes NetTraveler APT.”
