TTPwire Vol. 1 · MITRE ATT&CK·Tagged

F5 Labs

Profile of a Hacker: The Real Sabu, Part 2 of 2

2017-05-02

ATT&CK techniques detected

5 predictions
T1090.003 Multi-hop Proxy
97%
“sabu went down. the simplest one goes like this: of course, sabu used anonymization networks to hide his identity and make source tracing impossible. network anonymization would have been a basic precaution for the most-wanted cybercriminal at the time. there are several metho…”
T1090.003 Multi-hop Proxy
92%
“and is still partially funded by them today. the tor network consists of thousands of relay nodes all across the internet, randomly relaying connections from clients through the tor network and back out again. most nodes simply relay encrypted connections to other nodes, but abou…”
T1593.001 Social Media
45%
“were given access to his twitter account and used it to collect information about anonymous and lulzsec sympathizers. presumably, the identities of sabu sympathizers now exist in some government database of ne’er-do-wells and miscreants. it was during this time — when the f…”
T1589.001 Credentials
35%
“were given access to his twitter account and used it to collect information about anonymous and lulzsec sympathizers. presumably, the identities of sabu sympathizers now exist in some government database of ne’er-do-wells and miscreants. it was during this time — when the f…”
T1090.002 External Proxy
32%
“and is still partially funded by them today. the tor network consists of thousands of relay nodes all across the internet, randomly relaying connections from clients through the tor network and back out again. most nodes simply relay encrypted connections to other nodes, but abou…”

Summary

New information sheds light on Sabu’s activities following the revelation of his identity.