APT42: Wild Kittens and Where to Find Them
Charming Kitten, Phosphorus, TA453, and APT42. You’ve heard these names before, but who and what are they, and where can you find them? In this session, Mandiant analysts Emiel and Ashley will talk about APT42, a cluster of threat activity that conducts cyber espionage and credential harvesting on behalf of the Iranian government. APT42 is characterized by credential theft operations against corporate and personal email accounts and has consistently targeted Western think tanks and academics, current and former government officials, members of the Iranian diaspora in the United Kingdom, Israel, and the United States, as well as high-profile individuals within Iran.
This presentation will touch on the history of the group and, drawing on recent use cases, will illustrate how to leverage and turn the group’s bad habits and infrastructure patterns into reliable threat hunting techniques. It will cover how different third-party tools, like Censys, DomainTools, PassiveTotal, and VirusTotal, are leveraged to identify new infrastructure in real time, as well as changes in techniques over time. Attendance at this session will result in actionable takeaways for threat intelligence analysts!
Ashley Zaya is a Senior Threat Analyst on Mandiant’s Advanced Practices team. She spends her days analyzing data gathered on the frontlines and through external collection to better understand the techniques and malware used by today’s adversaries.
Ashley previously worked on Mandiant Security Validation’s Behavior Research Team, where she researched and recreated adversaries’ attack techniques, which allowed organizations to test the efficacy of their security products through the Validation platform. Ashley is originally from Pittsburgh, Pennsylvania, and studied Security and Risk Analysis at Penn State University.