In this exclusive RSAC session, we begin with an overview of a new espionage campaign targeting the Pakistani military, dubbed Operation Shaheen. We show how a threat actor’s toolset and campaign evolved over time and left a trail of contradictory evidence in an elaborate attempt to evade attribution.
We detail how the threat actor used a mix of publicly available malware payloads with highly sophisticated, customized, and mission-specific shellcode to evade identification. We then highlight ways the threat actor managed to bypass eight different antivirus products before purposefully surrendering in a deliberate effort to distract, delay, and divert target resources.
We also provide a behavioral profile of the threat actor, painting a picture of a likely state-sponsored group with access to zero-day exploit developers; the capacity for advanced reconnaissance; and the ability to modify, refine, and evolve exploits to meet mission-specific needs.
We describe the geopolitical context in which the observed espionage campaign took place. We briefly cover Pakistan’s relationships with other countries, both in-region and farther afield, in order to contextualize the research.
We conclude with some thoughts on why Operation Shaheen matters to Pakistanis, to forensic investigators, to leaders of other organizations, and to the general public.
Tom Pace is the Sr. Director of Worldwide Consulting at Cylance, where he focuses on putting together solutions for clients around the world. Tom began his career in security when he joined the Marine Corps as an infantryman and intelligence specialist. During this time, he deployed to both Iraq and Afghanistan, where he conducted hundreds of missions. After the military, Tom worked as an incident responder and cybersecurity engineer for multiple large enterprises and government agencies. Tom holds an M.S. degree from the University of Pittsburgh with a specialization in Information Security. He also holds the CISSP, SFCP, GCFA, GCIH, GCWN, GICSP, and GCIA certifications.
Kevin Livelli is Director of Threat Intelligence at Cylance, where he conducts long-term, complex investigations with the Research and Intelligence team. His work there follows ten years at 60 Minutes, where his investigative reporting and analysis were recognized with Peabody and Emmy awards. Before that, Livelli supervised investigations at the nation's largest independent police oversight agency. A graduate of Dartmouth, he earned master's degrees from Trinity College Dublin and Columbia University.