Kristin Del Rosso

Ghost in the Breach: Using breach intelligence to hunt hidden Russian assets

Following the invasion of Ukraine, increased sanctions against Russian individuals and entities led to an increase in large-scale, fully litigated judgments and the creation of international task forces focused on seizing assets from Russian oligarchs.

Russian individuals and entities have repeatedly employed extensive obfuscation techniques and utilized shell corporations in multiple jurisdictions globally, to successfully hide or transfer assets – this is, until their data got leaked. The ever growing amount of data leaks has proven to be a valuable tool for additional researcher context, as well as novel information sourcing, theory confirmation, and new asset discovery.

We will delve into two real-world use cases where breach data provided crucial insights, uncovering additional US assets belonging to a sanctioned oligarch, as well as another entity’s coordinated efforts to control assets based on insider knowledge of the Russian invasion, in a preemptive attempt to remain a beneficiary while avoiding impending sanctions.

There is a growing importance of data leaks in augmenting OSINT investigations, and participants will leave aware of potential data leaks that can be used as invaluable resources, as well as best practices when sorting through the data.

Kristin Del Rosso is the Public Sector CTO for Sophos, with a background in incident response and threat intelligence. With a range of corporate experience, she has successfully launched and grown multi-million dollar security offerings, as well as focused on hands on malware reverse engineering, malicious actor tracking, vulnerability research, and OSINT investigations. She enjoys threat hunting and learning about new forms of security research, and in her spare time can be found gardening and working with startups.