Day 2

Unraveling the Mind behind the APT

Session complexity:
13:35 - 14:00

Interested in buying a new car or attending a free wine tasting event? Well, there’s at least one Advanced Persistent Threat (APT) group that hopes you are! This talk delves into the phishing campaigns sent by the world’s most sophisticated APTs. It examines an extensive collection of thousands of APT phishing emails, sometimes associated with major security breaches, tracing the evolution of these cyber threats over time.

The focus is particularly on the pretexting and persuasion tactics employed by these actors, and the potential for attributing attackers based on these strategies. With a large volume of sensitive emails to analyze, a local Large Language Model (LLM) is trained to extract underlying pretext and persuasion techniques. Additionally, this enriched dataset is trained to categorize these emails according to a custom classification framework designed for this purpose and predict the author of a new phishing campaign according to these features.

This approach not only helps in understanding how APTs lure individuals into their malicious activities but also enhances the capability of threat intelligence analysts to attribute new campaigns to known threat actors. Attend this talk for insights into the classification and attribution of APT spear phishing emails, uncovering the often underestimated role of pretexting and persuasion in attribution and showcasing several successful cases where this concept aided in attributing attacks.

Speakers in this session

Sanne Maasakkers