The LEAD (formerly Winnti, loosely APT17) actor group has been active for years, yet it typically avoids public exposure due to its isolated and strategic campaigns targeting online gaming organizations. The group continues to operate in North America and East Asia, typically with a large degree of success. In this presentation, I will discuss the technical and high-level aspects of the group and how it has successfully compromised multiple online gaming organizations, primarily focused on Japan. I will review multiple successful attacks, share current detection capabilities, and offer the community a clearer understanding of this group in an effort to facilitate collaboration.
After completing this session, learners will:
- Learn the technical and high-level details of LEAD/Axiom/Winnti
- Learn hunting techniques and detection options that can be used to detect such APT activity
- Benefit from free, vendor-agnostic information to utilize at home
Tom Hegel is a Senior Threat Researcher at ProtectWise 401TRG and an expert in network security and threat intelligence. He spends his days designing network detection mechanisms and monitoring and tracking malicious activity of all types, primarily involving advanced actor groups, particular malware families, and attack campaigns.