Abstract
No APT group has become known for the structure of its control servers. One reason is that these servers cannot be described with names as illustrative as those given to espionage programs. After all, there are usually too many individual addresses involved: sometimes dozens, sometimes several thousand IP addresses or domain names. Nevertheless, the server infrastructure that the perpetrators use is at least as characteristic as their backdoors and RATs.
© 2018 Springer-Verlag GmbH Deutschland
About this chapter
Cite this chapter
Steffens, T. (2018). Die Infrastruktur der Täter. In: Auf der Spur der Hacker. Springer Vieweg, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-55954-3_4
DOI: https://doi.org/10.1007/978-3-662-55954-3_4
Publisher Name: Springer Vieweg, Berlin, Heidelberg
Print ISBN: 978-3-662-55953-6
Online ISBN: 978-3-662-55954-3
eBook Packages: Computer Science and Engineering (German Language)