xorl %eax, %eax

BSides Athens 2021: .GR TLD hijacking


Last year I presented a high-level/strategic cyber threat landscape for Greece as a country. My methodology back then was to split the threats into three broad categories (hacktivism, cyber-crime, and cyber-espionage) and do my research from a historical perspective. Meaning, what has been happening in the past and what assessments we can make from that for the future.

This year I wanted to do something different: move to the tactical level and talk about a specific cyber-espionage operation targeting Greece. Thankfully, my submission was accepted and in mid-June I got the opportunity to present my research, which is currently publicly available through the official BSides Athens YouTube channel.

I had to rush this talk a little bit due to time constraints, but hopefully I did so on the less important parts, leaving sufficient time to go through the more crucial parts of the presentation.

If you want to know more about the talk, you can watch the video. Here I’d like to use this space to encourage more people to talk about those lesser-known cyber-espionage activities, since it’s easy to get sucked into the large players like the so-called “big 4” threats to the US government, the FIVE EYES, and others. What about the rest of the world, though?

Greece is an example of that. Although it is a small country, I had many recent and interesting cases to choose from for this talk: multiple Turla operations, numerous cyber-espionage operations from FIVE EYES and China… But this one was one of those subtle, yet very impactful operations for the wider region, especially considering the past operations of this threat actor (see the presentation for an overview of those).

So, if you’re reading this and you’re looking for research topics for your next presentation, consider researching something regional, something not so well known outside of your country… This will help everyone improve their situational awareness, and who knows… You might even uncover a previously unknown nation-state actor.

On a final note, I’d like to give a huge thanks to the BSides Athens team for all their hard work before, during, and after the event, as well as to Cisco Talos, which was the only organization that publicly released some IOCs for this operation. Those were the most valuable starting point for my research. Lastly, after my talk I had the opportunity to learn many more details about this, and other, operations from several organizations that reached out to me, and I’d like to thank them too for all the feedback, knowledge, and experience they shared with me.

Written by xorl

July 7, 2021 at 12:01
