Warren Mercer, Security researcher, Talos
Warren Mercer joined Talos coming from a network security background, having previously worked for other vendors and the financial sector. Focusing on security research and threat intelligence, Warren finds himself in the deep, dark and dirty areas of the Internet and enjoys the thrill of the chase when it comes to tracking down new malware and the bad guys! Warren has spent time in various roles throughout his career, ranging from NOC engineer to leading teams of other passionate security engineers. Warren enjoys keeping up to speed with all the latest security trends, gadgets and gizmos; anything that makes his life easier in work helps!
Cisco Talos identified an espionage campaign, mainly targeting the Middle East, that we named "DNSpionage". First, we will describe malware that targeted several government agencies in the Middle East, as well as an airline. During the research process for DNSpionage, we also discovered an effort to redirect the targets' DNS and to register SSL certificates for them. We identified a dozen countries targeted by this redirection. On January 22nd, the U.S. DHS published a directive concerning this attack vector. In this presentation, we will present the timeline for these events and their technical details.