Tom Hegel

The Sprawling Infrastructure of a Careless Mercenary

Most high-end attackers have learned careful techniques to protect their infrastructure from quick identification and pivoting. That care for OpSec comes from knowing that researchers and defenders are watching, that there may be repercussions to getting caught, and that you don’t want to tip your hand to your target. But not all attack infrastructure is created equal. When it comes to the dirty world of hackers-for-hire, those concerns often go out the window. Cyber mercenaries operate at a speed and with a vast scale of operations that are seldom accounted for. What we are left with is a rich field of interrelated infrastructure, useful pivots, and sometimes even attribution.

(Presentation under TLP, for attendees only)

Tom Hegel is a Senior Threat Researcher at SentinelLabs, focused on advancing cyber threat intelligence through his industry work, security publications, and humanitarian cybersecurity research, which aims to help vulnerable communities, impacted businesses, and targeted individuals across many cultures. He is a successful publisher of numerous public disclosures on state-linked adversary groups, opportunistic crime groups, and various global events impacted by the technology threat landscape.