The Internet Last Week
* Botconf 2024
https://www.botconf.eu
* Telegram service disruption
https://www.bleepingcomputer.com/news/technology/telegram-is-down-with-connecting-error/
https://mastodon.social/@netblocks/112338511213053321
* Europe/Asia subsea cable faults
https://status.digitalocean.com/incidents/21gg18q1ddmv
* Atlas VPN shutdown and NordVPN migration
https://atlasvpn.com/blog/announcement
Nice presentation by Victor Chebyshev at @botconf on #LightSpy2, the next stage payload dropped by #DragonEgg and #Wrmspy attributed to APT41 https://youtu.be/dk-9X5FczPY?feature=shared #Botconf2024
#Botconf2024 - For those who missed it we are live at https://www.youtube.com/BotconfTV
#Botconf2024 is also proud to be supported by our Platinum sponsors #SANSEMEA, #Siemens and #CiscoTalos !
#Botconf2024 was made possible this year with the support of our official partners @CECyF Commandement du ministère de l’Intérieur dans le cyberespace (#COMCYBERMI) and #EURECOM whose staff (and their precious time!) are involved in the organising team
First afternoon session for #Botconf2024 after a healthy lunch !
"Opera1er: from tracking the threat actor to detaining a criminal behind" by Anton U. & Hugo RIFFLET is the first talk this afternoon.
More about this threat actor and their destiny on INTERPOL's website:
#Botconf2024 has started this morning and we are already deep into the first talks. The full schedule is available at https://www.botconf.eu/schedule/
We will announce the talks we broadcast on our social networks and they will be available from https://www.youtube.com/BotconfTV
This conference would not be possible without the speakers of course, but also thanks to our great sponsors ! This year #Proofpoint and #Qintel are supporting #Botconf2024 as Diamond sponsors. Thank you so much !
#Botconf2024 is heating up! Great workshops this afternoon and speakers' dinner tonight ! See you all tomorrow morning !
#ESETresearch has discovered a new campaign by China-aligned #APT #EvasivePanda, leveraging the Monlam Festival to target Tibetans. The campaign included a targeted watering hole, compromised news website, and an additional supply-chain attack to deliver malware for Windows and macOS, including a backdoor we have named #Nightdoor. https://www.welivesecurity.com/en/eset-research/evasive-panda-leverages-monlam-festival-target-tibetans/
Attackers compromised the Kagyu International Monlam Trust website to use as a watering hole. Malicious, obfuscated JavaScript was appended to a script executed when potential victims visit the site, testing whether the visitor’s IP address is in one of several IP ranges.
These ranges indicate a targeted attack looking to compromise networks in 🇮🇳, 🇹🇼, 🇦🇺, 🇺🇸 and 🇭🇰. The chart shows the distribution of targeted IP ranges. Interestingly, one of the targeted networks we identify is a high-profile university in the US.
In the supply-chain, compromise attackers planted trojanized installer packages of Tibetan language translation software developed by a company based in India. The installers for Windows and macOS deployed both a malicious dropper and the legitimate software application.
We found several downloaders whose C&C servers provide a JSON object pointing to the next stage – another downloader or an installer for backdoors including EvasivePanda’s traditional #MgBot and Nightdoor. The latter is a full-featured backdoor using Google Drive for its C&C.
ESET researchers Facundo Munoz (@0xfmz) and Anh Ho will be presenting their latest research on Evasive Panda activities and capabilities at the upcoming #Botconf2024. https://www.botconf.eu/provisional-schedule/
IoCs are available in ESET GitHub repository
In addition to your #Botconf2024 Conference tickets (valid for the main conference from Wednesday 24th to Friday 26th April 2024), you can now purchase additional workshop tickets that will take place on 23rd April 2024.
All workshops are in parallel and the tickets include a lunch starting at 12PM.
The #Botconf2024 programme Committee has almost finished its work and we have sent 90% of the results to our great candidates.
You will discover the first validated talks of the programme next week on our website.
... Only one little week left for submitting your talks and workshops for #Botconf2024
The programme committee are really looking forward to evaluating your proposals !
The #Botconf2024 CFP is now available (sorry for the little delay) and the deadline is the same: 1st December 2023.
https://www.botconf.eu/call-for-proposals/
