Overview
Explore a 35-minute conference talk from SANS that delves into the evolving landscape of threat actor collaboration and attribution challenges. Learn how cyber criminals are monetizing their operations through shared capabilities, from selling stolen credentials to renting out ransomware-as-a-service. Examine how espionage-motivated threat actors, particularly those from China, have historically led the way in sharing tools such as PlugX, ShadowPad, and PoisonIvy. Follow a detailed case study of the China-based threat actor "Red Ishtar" to understand the complexities of tracking and attributing cyber threats across multiple intrusion sets. Gain practical insights through a threat-agnostic framework for comparative attribution analysis, designed to help navigate intelligence from various sources and understand threat actor behavior in an increasingly collaborative cyber threat landscape. Presented by Jono Davis, Senior Analyst on the PwC Global Threat Intelligence Team, this talk equips security professionals with tools to detect and analyze shared capabilities among threat actors.
Syllabus
What a Cluster: A Case Study in Threat Actor Collaboration & Framework for Comparative Attribution
Taught by
SANS Digital Forensics and Incident Response