Skip to main content

FIRST CTI Conference | #FIRSTCTI24 | Berlín

Conference: Tracking Threat Actors Using Images: A Hunting & Analysis Approach

Date: April 16, 2024

Images are a common feature of documents, but they can also be a valuable source of intelligence for security analysts. By tracking the images that threat actors use in their documents, analysts can gain insights into their procedures, as well as their potential targets and impersonated companies.

This type of approach has helped us find and track the Russian cyber espionage group Gamaredon and others such as the group known as Blind Eagle that is suspected to be from Latin America and other APTs/Crime groups. It will also discuss the challenges and limitations of the approach.

Link: https://www.first.org/conference/firstcti24/program

Presentation: https://www.first.org/resources/papers/firstcti24/Joseliyo-Sanchez-Tracking-Threat-Actors.pdf