Monitoring 1st stage samples used by APTs and crime actors using images
Jose Luis Sanchez Martinez 🗣
Images are a common feature of documents, but they can also be a valuable source of intelligence for security analysts. By tracking the images that threat actors use in their documents or emails, analysts can gain insights into their procedures, as well as their potential targets and impersonated companies.
This presentation will discuss a new approach to tracking threat actors using images in office documents, PDFs and emails.
This type of approach has helped us find and track the Russian cyber espionage group Gamaredon and others such as the group known as Blind Eagle that is suspected to be from Latin America and other APTs/Crime groups. It will also discuss the challenges and limitations of the approach.