Overview
This conference talk shows how Google Cloud Mandiant researchers pieced together disparate evidence to identify UNC1860, a covert Iranian state-sponsored threat actor active since at least 2018. It describes how this initial-access broker for the Iranian government has targeted government, telecommunications, and critical-infrastructure networks across the Middle East while remaining largely undetected. The talk covers the group's tradecraft, including repurposed Iranian antivirus drivers, custom kernel implants that reflect extensive Windows kernel reverse-engineering capability, and previously undisclosed webshells and passive backdoor controllers (implants that wait for inbound traffic rather than beaconing out). Drawing on incident response engagements, the presentation illustrates how UNC1860 provides access for other Iranian operators, from destructive attacks on government networks to espionage by MOIS-affiliated APT groups. Attendees gain insight into this component of Iran's cyber strategy and the associated risk to organizations both in the region and globally.
Syllabus
UNC1860 and The Temple of Oats - Iran's hidden hand in Middle Eastern Networks
Taught by
Black Hat