March 30, 2021 @ 8:45 am - 10:15 am EDT
Our Guests from Mandiant address: “Defending Against, Investigating, and Responding to UNC2452 Intrusions – The Threat Actor Behind SOLARWINDS SUNBURST Supply Chain Attack
UNC2452, the threat actor behind the SolarWinds SUNBURST supply chain attack, is one of the most advanced, disciplined, and elusive threat actors Mandiant has ever investigated. UNC2452’s operators have a mastery of both offensive and defensive skills – and have used that knowledge to refine their intrusion techniques to hide in plain sight. They’ve compromised dozens of organizations in the government, NGO, technology, security, telecommunications, and education sectors. They leverage several attack vectors to obtain access to victim environments and use creative and clandestine techniques to maintain persistent access. We will discuss their tradecraft observed in several victim environments and discuss ways organizations can better defend their networks from this threat actor and the other actors that will emulate UNC2452 in the future.
Objectives:
Understanding the SolarWinds attack
The source and their actions
Advanced attack vectors
Supply chain risks
Preparing to defend against threat actors that emulate this type of attack.
Presenters:
Josh Madeley, Mandiant, Manager, Professional Services
Josh Madeley is a Manager at Mandiant with over thirteen years of experience in information security. His particular areas of expertise include incident response, digital forensics, network traffic analysis, and Security Operations Center.
Charlie Moisakis, Mandiant, Director, Professional Services
Charlie Moisakis is responsible for providing proactive Security Assessments, Cyber Exercises and Cyber Defense Transformation services to leading Fortune 500 organizations. Specifically, latest threat intelligence to mitigation.
Who Can Attend:
Open only to InfraGard members and their guests.
Registration:
https://thomas.webex.com/thomas/k2/j.php?MTID=t6ec0b27e88b47984eff7d4ca94d9946e
Password: SolarMaine
This session is not authorized for recording or any capture and the content may not be stored.