{"id":16918,"date":"2019-11-18T10:52:16","date_gmt":"2019-11-18T18:52:16","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/11\/18\/news-10655\/"},"modified":"2019-11-18T10:52:16","modified_gmt":"2019-11-18T18:52:16","slug":"news-10655","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/11\/18\/news-10655\/","title":{"rendered":"VB2019 video: Discretion in APT: recent APT attack on crypto exchange employees"},"content":{"rendered":"

In June, employees at cryptocurrency exchange\u00a0Coinbase<\/em>\u00a0were targeted by emails linking to a website that used two zero-day vulnerabilities in the Firefox<\/em> browser to deliver macOS<\/em> malware. The malware, dubbed ‘NetWire’, had previously been known but the exploit allowed it to bypass built-in protections against it. The NetWire sample was analysed by regular VB conference speaker Patrick Wardle in three parts (1<\/a>, 2<\/a>, 3<\/a>) on his blog.<\/p>\n

Coinbase<\/em> wasn’t the only exchange targeted though. In a presentation at VB2019 in London, LINE<\/em>‘s\u00a0HeungSoo (David) Kang disclosed that\u00a0LINE<\/em>, which also operates cryptocurrency exchanges, had been targeted in the same campaign.<\/p>\n

In his talk,\u00a0HeungSoo explained both how the attack works and what it looked like from both the defender’s and the adversary’s point of view. Though attacks using zero-days are rare, when they happen they provide an excellent opportunity to highlight the pain points for a blue team.<\/p>\n

Today, we published the video of\u00a0HeungSoo’s presentation in London.<\/p>\n