UNK 961: A Threat Actor Motivated by the Ecosystem

Dan Fenwick: I'm a principal consultant with a managed defense. And my role is more to interact with the customer directly, give them advice and assistance. We had some recent threat hunting wins with looking for patterns of attacker actions. So in one of the cases that we saw, they dropped a JSP based web shell that was created using the blue bean web shell framework. It's very fast to weaponize public exploit code and kind of incorporate that into their apparatus,. so to speak, to infect internet facing systems or applications.