Paul Rascagnères, Security Researcher, Talos
Paul is a security researcher within Talos, Cisco’s threat intelligence and research organization. As a researcher, he performs investigations to identify new threats and presents his findings in publications and at international security conferences throughout the world. He has been involved in security research for 7 years, mainly focusing on malware analysis, malware hunting and, more specifically, Advanced Persistent Threat campaigns and rootkit capabilities. He previously worked for several incident response teams within the private and public sectors.
Cisco Talos identified an espionage campaign, mainly targeting the Middle East, that we named "DNSpionage". First, we will describe malware targeting several government agencies in the Middle East, as well as an airline. During the research process for DNSpionage, we also discovered an effort to redirect the targets' DNS and to register SSL certificates for them. We identified a dozen countries targeted by this redirection. On January 22nd, the U.S. DHS published a directive concerning this attack vector. In this presentation, we will present the timeline for these events and their technical details.