How Threat Intelligence Helped Us Defend and Respond to a Nation-State-Sponsored Threat Actor

  • Published on Aug 3, 2024
  • This paper presents a comprehensive analysis of a real-world incident, referred to as "The D.R. Incident," in which we at the Dominican Republic National Computer Security Incident Response Team (CSIRT) uncovered a sophisticated threat actor compromising a wide spectrum of targets, including governmental, private, and critical infrastructure entities.
    The core focus of this paper revolves around the instrumental role played by threat intelligence in both defending against and responding to the nation-state-sponsored threat actor. We delve into the utilization of publicly available threat intelligence sources and, critically, the generation of our own threat intelligence tailored to the specific incident. We outline how these sources of threat intelligence were leveraged to gain critical insights into the adversary's tactics, techniques, and procedures, enabling effective response and mitigation strategies.
    Furthermore, this paper aims to emphasize the importance of sharing valuable threat intelligence with the broader cybersecurity community. We discuss how the knowledge and lessons learned from "The D.R. Incident" can be utilized to enhance the collective cybersecurity posture, emphasizing the collaborative approach required to safeguard national interests.
    By examining this incident through the lens of threat intelligence, this paper provides valuable insights into the proactive defense and response measures that can be adopted by national CSIRTs and organizations worldwide when confronted with nation-state-sponsored cyber threats.
    SANS Cyber Threat Intelligence Summit 2024
    The D.R. Incident: How Threat Intelligence Helped Us Defend and Respond to a Nation-State-Sponsored Threat Actor
    Omar Avilez, SOC Manager, CBRT