InSecurity Podcast: The White Company: Inside the Operation Shaheen Espionage Campaign
The tumultuous inner-drama of Pakistan has been keeping foreign heads of state awake at night for much of the country’s 70-year history. That’s because Pakistan’s story has been one of contradictions.
It has enjoyed peaceful civilian rule, but also violent military coups. It has been a key counterterrorism partner in Afghanistan, but also an accused sponsor and enabler of terrorists. It has been outwardly focused on deterring its rival India, but also inwardly focused on managing domestic separatist and terrorist threats. It has been the home of more than 100 nuclear weapons, but also the most notorious terrorist in history, Osama bin Laden.
At the heart of Pakistan’s curious and contradictory history has been its military, whose outsized in uence in Pakistani a airs has made it a key actor at home and abroad, playing roles both highly visible and long hidden.
Today, the Pakistani military is at the center of shifting geopolitical alliances — and a sustained cyber espionage campaign. Cylance calls this campaign Operation Shaheen, a reference to the Shaheen Falcon which stands as the symbol of the Pakistani Air Force — the branch of the Pakistani military repeatedly referenced in this campaign’s phishing lures.
In today’s episode of InSecurity, Matt Stephenson talks with Cylance Advisory Board Member Ryan Smith and Cylance Directors of Threat Intelligence Jon Gross and Kevin Livelli. Their research team unravel the mystery of a campaign in which traditional approaches to analysis, focused primarily on the malware and infrastructure, yielded few clues and misleading assumptions; however, a comprehensive breakdown of the exploit and shellcode revealed insights into a threat actor whose unique way of cobbling together tools may ultimately lead to their unmasking.
About Ryan Smith
Ryan Smith is a member of the Cylance Advisory Board. Prior to that, he was the Vice President of Research at Cylance, where he lead teams performing both internal and external research. He has spent the last decade leading such teams for consulting, product, and fortune 50 organizations. As an individual contributor, Ryan has discovered and exploited highly impactful vulnerabilities in widely deployed client and server software. His interests include reverse engineering, exploitation, vulnerability discovery, analysis algorithms, and magnets. He has spoken at international conferences and is a two-time Pwnie Award winner for best server and client bugs.
About Jon Gross
Jon Gross is a Director of Threat Intelligence at Cylance. Other than that… he doesn’t tell us much
About Kevin Livelli
Kevin Livelli is Director of Threat Intelligence at Cylance, where he conducts long-term, complex investigations with the Research and Intelligence team. His work there follows ten years at 60 Minutes, where his investigative reporting and analysis were recognized with Peabody and Emmy awards. Before that, Livelli supervised investigations at the nation’s largest independent police oversight agency. A graduate of Dartmouth, he earned master's degrees from Trinity College Dublin and Columbia University.
About Matt Stephenson
Insecurity Podcast host Matt Stephenson(@packmatt73) leads the Security Technology team at Cylance, which puts him in front of crowds, cameras, and microphones all over the world. He is the regular host of the InSecurity podcastand host of CylanceTV
Twenty years of work with the world’s largest security, storage, and recovery companies has introduced Stephenson to some of the most fascinating people in the industry. He wants to get those stories told so that others can learn from what has come
Every week on the InSecurity Podcast, Matt interviews leading authorities in the security industry to gain an expert perspective on topics including risk management, security control friction, compliance issues, and building a culture of security. Each episode provides relevant insights for security practitioners and business leaders working to improve their organization’s security posture and bottom line.
Can’t get enough of Insecurity? You can find us wherever you get your podcasts including Spotify, Stitcher, SoundCloud, I Heart Radio as well as
ThreatVector InSecurity Podcasts:
iTunes/Apple Podcasts link: https://itunes.apple.com/us/podcast/insecurity/id1260714697?mt=2
GooglePlay Music link: https://play.google.com/music/listen#/ps/Ipudd6ommmgdsboen7rjd2lvste
Make sure you Subscribe, Rate and Review!