Red Team – How threat actors gain initial access into corporate environments | SASIG

Tuesday 4 October 2022, 11am-12noon (BST)

Discover how the Cozy Bear advanced persistent threat (APT) actors use spear-phishing and OneDrive to gain access.

In this talk, we discuss the recent techniques used by APT29, also known as Cozy Bear. The government-sponsored group has been using a spear-phishing campaign with embedded malicious links leveraging legitimate OneDrive functionality to gain an initial foothold into organisations.

We demonstrate the full attack chain, including how APTs can abuse the legitimate Microsoft OneDrive Updater to load a Command and Control (C2) Dynamic Link Library (DLL) into a legitimate target process and establish an encrypted backdoor connection into the victim’s system.

Watch this webinar to discover the indicators of compromise, how to mitigate these types of attacks, and whether technical perimeters are enough.

 
Guest chaired by

Lee Cramp, DPO, DRO and Information Security, Department of Health and Social Care

 
Presented by

Sadi Zane, Principal Security Consultant, BSI
