The Tyurin Indictment: Mapping to the MITRE ATT&CK™ Framework

October 9, 2019 Digital Shadows

Director of Security Engineering Richard Gold joins Viktoria Austin in this special episode of ShadowTalk to look at the attackers' goals and TTPs, and to map them to the MITRE PRE-ATT&CK and ATT&CK frameworks.

Some Background…
Between 2012 and mid-2015, U.S. financial institutions, financial services corporations and financial news publishers fell victim to one of the largest computer hacking crimes. The hacking resulted in the theft of information belonging to 100 million customers of the victim companies (including the theft of personal data from 83 million customer accounts at JPMorgan Chase), and in securities fraud in the form of stock market manipulation. While the crimes committed date back to 2015, this week one of the hackers involved, identified as Andrei Tyurin, pleaded guilty to the following charges: computer intrusion, wire fraud, bank fraud, and illegal online gambling offenses in connection with his involvement in a massive computer hacking campaign targeting U.S. financial institutions, brokerage firms, financial news publishers, and other American companies.
