Speakers
Synopsis
This presentation is about a malicious campaign operated by a Chinese-speaking threat actor, SneakyChef. Since as early as 2023, SneakyChef has targeted government agencies, likely the Ministries of External/Foreign Affairs or embassies of various countries, using SugarGh0st RAT and SpiceRAT.
SneakyChef operators are likely Chinese-speaking, based on their language preferences, their use of variants of Gh0st RAT (a popular malware of choice among Chinese-speaking actors), and their specific targets, which include the Ministries of External Affairs of various countries and other government entities. Their motive is espionage and data theft.
Their notable TTPs include spear-phishing campaigns, DLL side-loading, a custom C2 communication protocol, and abuse of legitimate applications.
SneakyChef has used various techniques in this campaign, including multi-staged attack chains, to deliver the SugarGh0st and SpiceRAT payloads. Throughout this presentation, I will discuss multiple attack chains and the techniques the threat actor has employed to establish persistence, evade detection, and implant the RATs successfully.