VS21 Malware Maelstrom: Guarding Against the Return of APT10 and its Subsets

In 2020, during an incident response engagement, FireEye Mandiant stumbled upon APT10 for the first time since the U.S. indictments against the group in late 2018. Upon re-discovery and identification of the group’s new and evolved tooling, FireEye Mandiant determined that other previous incident response engagements that were largely unrecognized had likely featured APT10.

This presentation will take a deep dive look into:

• How FireEye Mandiant re-discovered APT10 and the threat actor’s new malware and updated tools
• The difficulties in conducting malware-based attribution and possible subsets of APT10
• How organizations can spot this threat group and what defensive steps to take