Golo

Golo is a malware reverse engineer and threat researcher with IBM X-Force, where he spends his time digging into the dark arts of cybercrime. With a passion for tracking threats he's developed expertise in analyzing and reporting on a wide variety of maliciousness, ranging from banking trojans and botnets to high-profile ransomware and nation state actors. He is dedicated to sharing his research to help others stay ahead of emerging threats.


Session

10-23
17:45
30min
APT28: Following bear tracks back to the cave
Golo

In May 2024, the NATO publicly condemned cyber espionage operations carried out by a Russian state-sponsored group against targets in Germany and Czechia. We track this group as ITG05 sharing overlaps with APT28, UAC-0028, Forest Blizzard and Fancy Bear. In addition to Germany and Czechia, a large number of NATO member states as well as the Ukraine have been subject to long-term intelligence gathering missions executed by ITG05. ITG05 is also linked to the hack of the German Bundestag in 2015 as well as the attacks targeting the 2016 US presidential elections.

topic: CTI
Europe - Main Room