by x0ner 3291 days ago
I've done a significant amount of research on these threat actors. Despite the high-tech exfiltration method and nation-state support, researchers were still able to easily find their infrastructure. Satellite communications were encrypted via self-signed SSL certificates. Using internet scanning, we could track their IP addresses and associated domains using the SHA-1 of their certificate (map certificate to hosting IP). Happy to answer questions, but you can also read more here. https://blog.passivetotal.org/snakes-in-the-satellites-on-go...
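The certificate-to-IP pivot described in the comment above, as an added example that is not part of the original post or of the linked research. The scan rows, passive DNS rows, byte strings standing in for DER certificates, and the function names are all constructed assumptions; matching domains by observation window is also an assumption of this sketch.

```python
import hashlib
import ssl
from collections import defaultdict

def cert_sha1(cert):
    """SHA-1 fingerprint of a certificate: the hash of its DER encoding."""
    if isinstance(cert, str):                      # PEM text -> DER bytes
        cert = ssl.PEM_cert_to_DER_cert(cert)
    return hashlib.sha1(cert).hexdigest()

def normalize(fp):
    """Accept 'AA:BB:..' and 'aabb..' forms, as printed by different tools."""
    return fp.replace(":", "").replace(" ", "").lower()

def build_index(scan_records):
    """fingerprint -> {ip: [first_seen, last_seen]} from (date, ip, cert) rows."""
    index = defaultdict(dict)
    for date, ip, cert in scan_records:
        seen = index[cert_sha1(cert)].setdefault(ip, [date, date])
        seen[0], seen[1] = min(seen[0], date), max(seen[1], date)
    return index

def pivot(index, passive_dns, fingerprint):
    """Hosts that served the certificate, plus domains that resolved to them
    while the certificate was being observed there."""
    hosts = index.get(normalize(fingerprint), {})
    result = {}
    for ip, (first, last) in hosts.items():
        domains = sorted(d for d, rip, seen in passive_dns
                         if rip == ip and first <= seen <= last)
        result[ip] = {"first_seen": first, "last_seen": last, "domains": domains}
    return result

# Constructed sample data: the byte strings stand in for DER certificates.
CERT_A = b"constructed-der-self-signed-A"
CERT_B = b"constructed-der-unrelated-B"
SCANS = [
    ("2015-03-01", "192.0.2.10", CERT_A),
    ("2015-04-12", "192.0.2.10", ssl.DER_cert_to_PEM_cert(CERT_A)),
    ("2015-04-12", "198.51.100.7", CERT_A),
    ("2015-04-12", "203.0.113.5", CERT_B),
]
PDNS = [  # (domain, resolved IP, date seen)
    ("update.example", "192.0.2.10", "2015-03-20"),
    ("old.example", "192.0.2.10", "2014-01-01"),
    ("cdn.example", "203.0.113.5", "2015-04-12"),
]

print(pivot(build_index(SCANS), PDNS, cert_sha1(CERT_A).upper()))
```

Because a self-signed certificate is reused byte for byte across hosts, the same fingerprint keeps matching as the operator moves to new IP addresses, which is what makes it a stable tracking key.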