2017 MOST NOTABLE HACKERS - IntSights (wow.intsights.com/rs/071-ZWD-900/images/2017 Most...)

Threat Intelligence Realized.

IntSights Cyber Intelligence Ltd. Copyright © All Rights Reserved 2018.

2017 MOST NOTABLE HACKERS

February 2018


INTRODUCTION

In 2017 we saw a measurable increase in cyber-attacks executed by state-sponsored hacking groups and APTs. The Top 5 threat actors highlighted in this report carried out some of the most notable and financially devastating attacks of 2017 and are likely sponsored by nation-states. Cyber-attacks have become, and will continue to be, key elements of twenty-first century political warfare and terrorism. We believe that the use of cyber terror and other state-sponsored attacks will increase in 2018 after its success in 2017.

We believe that the motivations to perform such cyber-attacks are:

1. Causing financial damage to private and public targets in order to undermine the rival country’s economy

2. Defining a new balance of terror and fear between the attacker’s country and the target country

3. Making a financial profit from the attack to finance the cost of further attacks and tool development

4. Gaining political profit and sending a message; many attacks will be carried out for this purpose alone.

As the damage from politically motivated, nation-state sponsored attacks increases and attackers’ evasion tools improve, so too must an organization’s ability to monitor threats at the planning and preparation stages, before a threat becomes an attack.

This report summarizes the top attacks of 2017 and those responsible, and in doing so clearly illustrates the critical role of external threat intelligence in every organization’s security operations strategy.


LAZARUS GROUP

About the group:

Origin country: North Korea
Other names: “Hidden Cobra”
Related subgroups: “Bluenoroff”, “Andariel”
First seen: 2007
Famous attacks: “Bangladesh SWIFT attack”, “Taiwan Heist”, “WannaCry Ransomware”
TTPs: Back Door, Malware, DDoS, Trojan, Vulnerability Exploit, Data Leakage, Exploit Kit

Lazarus Group is a North Korean espionage APT group. Their attacks were originally detected in 2009, during a cyber-espionage campaign against South Korea. They were considered dominant this year, as they managed to initiate several major cyber-attacks against the financial industry, mainly against US and South Korean banks. In 2016 the North Korean APT group carried out a daring cyber-attack against the Central Bank of Bangladesh. On February 4th the group managed to log in to SWIFT using bank employees’ credentials and sent more than three dozen fraudulent money transfer requests to the Federal Reserve Bank in New York, asking the bank to transfer millions of the Bangladesh Central Bank’s funds to several bank accounts in the Philippines, Sri Lanka and other countries in Asia. SWIFT is the main platform for worldwide interbank financial telecommunication and funds transfer between banks around the world. The SWIFT platform processes about 25 million communications a day globally, most of them money transfer transactions.

Since the aforementioned series of attacks, their methods have become more sophisticated. The pinnacle was in November 2014, when Lazarus Group released leaked internal and confidential information from the Sony Pictures servers, after being inside their network for over a year. This attack, known as “Operation Blockbuster”, is one of the biggest corporate breaches in recent history.

Since then, the group has been more focused on hacking banks, including the large attack on the SWIFT payment system of the Bank of Bangladesh, where they successfully stole about $81 million, which was sent to Rizal Commercial Banking Corporation in the Philippines via four different transfer requests, and an additional $20 million sent to Pan Asia Banking in a single request. Despite the high amount that the group managed to steal, the Central Bank of Bangladesh managed to avoid much greater damage when it halted a few dozen other transfer requests totalling $851 million.

The group is also said to be responsible for a campaign in February 2017 that targeted financial institutions worldwide. This was done by exploiting infected websites to redirect victims to a customized exploit kit.

In April 2017, researchers suggested that Lazarus Group had initiated a few watering-hole attacks in several countries worldwide against financial institutions, casinos, financial-trade software developers, and cryptocurrency businesses.

In August 2017, Lazarus Group appears to have taken part in another campaign, likely in cooperation with other groups, against U.S. defense contractors. The attackers used spear-phishing emails describing job openings at various U.S. defense contractors in order to encourage users to download and open Word documents with malicious macros.

The tools used by the group are DDoS botnets, keyloggers, RATs, wiper malware and an SMB worm tool. Variants of malware used by this group include Destover, Wild Positron/Duzzer and Hangman.


FAMOUS ATTACKS

The vulnerabilities commonly used by the group include:

CVE-2015-6585: Hangul Word Processor vulnerability
CVE-2015-8651: Adobe Flash Player 18.0.0.324 and 19.x vulnerability
CVE-2016-0034: Microsoft Silverlight 5.1.41212.0 vulnerability
CVE-2016-1019: Adobe Flash Player 21.0.0.197 vulnerability
CVE-2016-4117: Adobe Flash Player 21.0.0.226 vulnerability

Lazarus Group Polish Banks Heist

In the beginning of February 2017, a particular malware was found in numerous Polish banks. It was used to exfiltrate data from a bank’s computer to an external server. Researchers found evidence of the same malware attacking more than 100 institutions in more than 30 different countries and connected it to Lazarus Group.

The point of infection for all the victims was found to be the official website of the Polish Financial Supervision Authority, a governmental body in charge of overseeing the banking sector. The hackers compromised this website with a watering-hole attack, in which specific websites of interest to the victims are targeted and code is injected into them that redirects visitors to an exploit kit designed by the attackers. The exploit kit is triggered only for visitors from specific IP ranges.

The exploits’ purpose is to download malicious software that gathers information from the compromised system and connects to remote servers to send the data back. The final payload of the malware has RAT functionality.

30 countries, 100 institutions.

How It Works

1. The group targeted the Polish Financial Supervision Authority website.
2. The group managed to hijack the website and use it as a “watering hole” to deliver malware.
3. The custom exploit kit used by the group was configured to infect only visitors with certain IP addresses.
4. The final payload of the malware was used to download and send the data to remote servers.


Bangladesh Heist

The Bangladesh Bank Heist attack occurred in February 2016. It was conducted via malware infection, which resulted in the tampering of SWIFT Alliance software. SWIFT is software used by 11,000 financial organizations worldwide to conduct financial transactions.

The attack resulted in the theft of $81 million USD that was transferred to an account in the Philippines, out of an attempted $950 million USD in transactions, most of which were stopped before completion. The money was transferred from the bank’s account at the Federal Reserve Bank in New York.

The attack was said to be the result of poor security measures taken by the Bangladeshi bank. Following the attack, SWIFT issued a security update which was meant to remediate the issue and prevent similar future attacks.

The attackers reportedly used a malware suite which was tailor-made for the attack. It operated in an environment running the SWIFT Alliance software, monitoring and tampering with SWIFT transactions based on the data set in its configuration file. According to some researchers, the attack was conducted with the help of at least one insider within the organization.

It is generally believed that North Korea is behind the attack, as a rare piece of code that was used in the Sony attack was also found in the code of the malware used for this attack. The malware used for the campaign was named by researchers 'evtdiag.exe'. It was designed to slightly modify the code of the Access Alliance software installed at Bangladesh Bank, thus giving attackers the ability to modify a database that logged the bank's activity over the SWIFT network.

The malware patches the liboradb.dll module, replacing the two bytes 0x75 0x04 (a short conditional jump) with 0x90 0x90 (two NOPs), so that the software’s authentication check for transactions is bypassed.

The malware also monitors login activity on the victim computers and notifies the remote C&C server of it every hour.
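A defender’s way to catch tampering of this kind is integrity checking of the SWIFT-side binaries: hash the module against a known-good copy and, when the hash differs, locate the changed bytes and flag the specific 75 04 to 90 90 substitution the report describes. The Python below is an added example, not code from the report or from IntSights; the byte buffer standing in for liboradb.dll is constructed, because the report gives neither the real offset nor the surrounding bytes.

```python
import hashlib
from dataclasses import dataclass
from typing import List

# Constructed stand-in for a small code region of a DLL such as liboradb.dll.
# The report names only the two-byte patch (75 04 -> 90 90), not the real
# offset or neighbouring bytes, so this buffer is made up. It contains one
# JNE rel8 (0x75 0x04), "skip the next 4 bytes unless the check failed",
# which is what a validation check that an attacker wants to neutralise
# typically looks like.
KNOWN_GOOD = bytes.fromhex(
    "55 89 e5 "        # push ebp; mov ebp, esp
    "83 ec 10 "        # sub esp, 0x10
    "85 c0 "           # test eax, eax      (eax = validation result)
    "75 04 "           # jne +4             (skip the failure path)
    "31 c0 "           # xor eax, eax       (failure: return 0)
    "eb 05 "           # jmp +5
    "b8 01 00 00 00 "  # mov eax, 1         (success: return 1)
    "c9 c3 "           # leave; ret
)
# The same region after the tampering the report describes: the conditional
# jump is overwritten with two NOPs, so execution always falls through.
PATCHED = KNOWN_GOOD.replace(b"\x75\x04", b"\x90\x90", 1)

# The exact byte substitution named in the report.
JNE_TO_NOP = (b"\x75\x04", b"\x90\x90")


@dataclass
class Finding:
    offset: int      # where the changed run starts
    expected: bytes  # bytes in the known-good image
    actual: bytes    # bytes observed now
    kind: str        # "jne-nopped", "modified" or "size-mismatch"


def sha256_hex(data: bytes) -> str:
    """Whole-image hash: the cheap first check against a vendor/golden hash."""
    return hashlib.sha256(data).hexdigest()


def diff_image(known_good: bytes, current: bytes) -> List[Finding]:
    """Byte-compare an observed image (on disk or dumped from memory) against
    its known-good copy and report every contiguous run of changed bytes.
    A run that is exactly 75 04 -> 90 90 is labelled as the conditional-jump
    NOP-out pattern; any other change is reported as a generic modification."""
    if len(known_good) != len(current):
        return [Finding(0, b"", b"", "size-mismatch")]
    findings: List[Finding] = []
    i, n = 0, len(known_good)
    while i < n:
        if known_good[i] == current[i]:
            i += 1
            continue
        start = i
        while i < n and known_good[i] != current[i]:
            i += 1
        expected, actual = known_good[start:i], current[start:i]
        kind = "jne-nopped" if (expected, actual) == JNE_TO_NOP else "modified"
        findings.append(Finding(start, expected, actual, kind))
    return findings


def check_image(known_good: bytes, current: bytes) -> List[Finding]:
    """Hash first; only walk the bytes when the hash says something changed."""
    if sha256_hex(known_good) == sha256_hex(current):
        return []
    return diff_image(known_good, current)


if __name__ == "__main__":
    for f in check_image(KNOWN_GOOD, PATCHED):
        print(f"offset 0x{f.offset:x}: {f.expected.hex()} -> {f.actual.hex()} [{f.kind}]")
```

In production the known-good copy would be the vendor-signed file (or its hash from a release manifest) and the current image would be read from disk and from the running process, so that an in-memory patch is caught as well as an on-disk one.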

Taiwan Heist

In October 2017, the Far Eastern International Bank in Taiwan discovered a cyber-attack in their SWIFT system secured tunnel, where about $60 million were stolen and transferred to multiple beneficiaries overseas.

According to FEIB, most of the money was recovered ($500K is still missing) and at least two arrests were made in Sri Lanka. One of those arrested was Shalila Moonesinghe, head of the governmental Litro Gas company, after $1.1 million of the stolen funds was found in his personal bank account.

Security experts received a piece of malware connected to the incident and concluded that the malware and the nature of the attack can be linked to Lazarus Group. The tools used in the attack resemble Lazarus’ usual tools, including a malware recognized as the ransomware “Hermes”, which in all probability was used as a distraction.


Ratankba malware

Ratankba is the name that was retroactively given to the malware that was used by Lazarus Group for its attacks against major financial institutions worldwide in February 2017.

In the first days of February 2017, a malware was found in many different Polish banks. This malware was used to exfiltrate data from the banks’ computers to an external server. The malware, which was unknown prior to the attack, was later given the name Ratankba.

The attack has been attributed to the Lazarus Group, a highly sophisticated cyber-crime team that has taken part in similar attacks against banks using custom-made malware. The Ratankba malware was used to collect information on the infected machine, particularly usernames, passwords, NetBIOS and MAC information, which would serve to examine the possibility of spreading the malware throughout the local network by brute-forcing possible username and password combinations.

It downloaded a hacking tool typically identified as NBTSCAN, which was then used to download additional malware, such as the “Destover” information-stealing backdoor and an RCE exploit for Silverlight (CVE-2016-0034).

Related subgroups

The Lazarus Group has had multiple operations over the years, most of which involve disruption, sabotage, financial theft or espionage. The North Korean APT also has “spin-off” groups which focus on specific kinds of attacks and targets:

1. Bluenoroff: A subgroup focused on attacking foreign financial institutions in Asia, Europe and the United States. Bluenoroff held responsibility for multiple incidents of financial theft, including the Bangladesh Bank heist.

2. Andariel: A subgroup focusing on South Korean targets, usually private organizations and businesses. The Andariel team uses specifically tailored hacking tools and methods that were created for maximum effectiveness.


Lazarus Group Activity Timeline (figure; years shown: 2011, 2013, 2014, 2015, 2016, 2017)


THE SHADOW BROKERS

About the group

Origin country: Unknown
Other names: “TSB”, “TheShadowBrokers”
First seen: 2016
Famous attacks: “Attack on Equation Group – NSA”
TTPs: Data Leakage, Vulnerability Exploit

The Shadow Brokers is a group of hackers that was able to successfully hack one of the elite cyber intelligence units of the NSA, also known as the Equation Group. The Shadow Brokers were considered dominant in 2017, as they exposed several major vulnerabilities and tools that led to some of the biggest attacks in 2016.

Famous attack

In August 2016, the Shadow Brokers claimed to have breached the computer systems used by the Equation Group and released a sample of stolen data, as well as other encrypted files whose decryption key they offered for sale in a bitcoin auction. The code leaked by TSB belongs to an offensive hacking toolset used by the Equation Group, claimed to be a more potent cyber-weapon than Stuxnet and the like. In late October 2016, the Shadow Brokers published yet another leak. This time it contained a list of foreign servers in various countries allegedly compromised by the Equation Group in order to expand its espionage operations. In April 2017, the group leaked information on an NSA campaign which targeted financial institutions in the Middle East. The campaign, called JeepFlee_Market, compromised a SWIFT bureau named Eastnets, which collected information on the transactions of several banks and financial institutions that used its services.

“EternalBlue” vulnerability connection to the “WannaCry” ransomware attack

EternalBlue was developed by the NSA, reportedly by the Tailored Access Operations unit. This unit, which has since had its name changed, is tasked with infiltrating foreign computer networks. EternalBlue originally allowed US spy agencies to hack Windows computers by utilizing vulnerabilities found in the system’s file sharing and printing protocol. The Shadow Brokers leaked this tool online in the second half of 2016, along with other tools developed by the US government. It was prominently used in a global cyber-attack, where hackers redesigned it as a ransomware called ‘WannaCry’. WannaCry hit many organizations, one of the largest being the British NHS. Though Microsoft had already released patches for said vulnerabilities in March 2017, many users, mainly in the government and education sectors, failed to update their computers and thus remained vulnerable.


IGOR SUSHCHIN

About the group:

Origin country: Russia
Known associates: Dimitry Dukocheev, Aleksei Belan, Karim Baratov
Associated with: Russian Federal Security Service (FSB)
First seen: 2014
Famous attacks: “Yahoo hack”

Igor Sushchin (DoB: 28.8.73) is a Russian Federal Security Service (FSB) officer of unknown rank. In addition to working for the authorities, he allegedly served as Head of Information Security for a Russian company, providing information about the company’s employees to the FSB. The U.S. has indicted and charged Sushchin and the others with overseeing or being directly involved in computer hacking, including stolen email accounts and other secret programs designed to manipulate a user’s account.

He is considered a very strong threat actor of 2017 because he is held accountable for the huge Yahoo hack, and because he turned out to be the most significant and harmful hacker working privately and not within an APT group.

He became wanted by the FBI on March 15th, 2017, and was charged along with three individuals (Dimitry Dukocheev, Aleksei Belan and Karim Baratov) in connection with compromising at least 500 million Yahoo accounts in 2014. The charges were: hacking, economic espionage, trade secret theft, wire fraud, and identity theft.

According to the Justice Department, Dukocheev and Sushchin paid co-conspirators Belan and Baratov to access email accounts. Furthermore, from at least January 2014, continuing through December 2016, Sushchin and Dukocheev gained unauthorized access to the computer networks of, and user accounts hosted at, major companies providing worldwide webmail and internet-related services in the Northern District of California and elsewhere.

The hackers were allegedly hired to target American and Russian government officials, diplomats, military, journalists, the financial sector and other sector activists. Among these targets, Yahoo was especially valuable, not only for its email records but also due to its large social platforms like Flickr and Tumblr.

In March 2017, it was reported that Sushchin worked as an undercover officer at Renaissance Capital, a Moscow investment bank owned by the billionaire Mikhail Prokhorov. He was fired from the bank on March 16th, the day after U.S. officials announced the charges related to the massive 2014 hack of Yahoo.


Famous Attack

The “Yahoo Hack”, which occurred in August 2013, is considered the biggest data breach in history, with 1 billion accounts compromised. Yahoo admitted the breach on December 14th, 2016.

According to Yahoo’s Chief Information Security Officer, Bob Lord: “The stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers”.

A year later, in 2014, another hack occurred, in which 500 million accounts were compromised. Yahoo admitted to the breach on September 22nd, 2016, although it was later discovered that Yahoo employees knew about the breach as early as 2014.

The stolen information included names, email addresses, telephone numbers, birth dates, passwords (most hashed with bcrypt), and encrypted or unencrypted responses to security questions. Yahoo marked China, Russia or North Korea as the possible suspects behind the hack.

According to officials, the main purpose of the Yahoo hack was to gather political and economic intelligence. The hackers stole the database and other Yahoo software code in order to forge cookies, a technique that gave them full access to millions of Yahoo accounts without the need for passwords.

Since the FSB gave the hackers complete freedom with the 500 million stolen Yahoo accounts, this later led to the selling of credit card numbers and rampant spamming.


STONE PANDA (APT 10)

About the group:

Origin country: China
Other names: “Stone Panda”, “Red Apollo”, “MenuPass”, “Potassium”, “CVNX”
First seen: 2009
Famous attacks: “Cloud Hopper”
TTPs: RAT, Malware, Spear Phishing, Trojan, Malware Distribution, Backdoor

Stone Panda is a Chinese state espionage actor, also known by the names APT 10, MenuPass, POTASSIUM, Red Apollo and CVNX. Stone Panda has been active since 2009, when it started hacking American military research institutions and organizations.

Stone Panda was prevalent in 2017 due to the “Cloud Hopper” campaign and the advanced tools used in this attack, among others.

In 2017, Stone Panda heavily attacked many wealthy industries in an espionage campaign dubbed “Cloud Hopper.” In this campaign, the group targeted Managed IT Service Providers (MSPs), through which they reached their actual victims: the MSPs’ clients.

Stone Panda also targeted or compromised manufacturing and mining firms in India, Northern Europe and South America. Since June 2016 the group has also strongly targeted Japan.

Experts believe that the goals behind Stone Panda hacking campaigns support Chinese national security goals, including acquiring valuable military intelligence as well as the theft of confidential business data to support Chinese corporations.

This group is known for using open-source malware and hacking tools, which they have customized for their campaigns, and for secretly accessing systems via Remote Desktop Protocol or Remote Access Trojans to select the data to be stolen. In addition, the group is known for using the malware tools PlugX, Poison Ivy, ChChes, Graftor and SOGU.

According to security experts, the group started using tools that are unique to them in 2017. These tools are the first-stage backdoors HAYMAKER and SNUGRIDE, and a customized version of the open-source QUASARRAT, BUGJUICE, as a second-stage backdoor.

APT10 methods included spear phishing and accessing a victim’s network through service providers, which have significant access to customer networks, thus enabling an attacker to move laterally into the network of the service provider’s client.


Famous Attack

Stone Panda hit several wealthy industries hard in April 2017 with “Cloud Hopper”, a spyware campaign which targeted MSPs, which the group used in order to reach their clients in various industries. The eventual targets were major corporations in the pharmaceuticals, engineering, industrial, manufacturing, retail, energy and telecommunications industries, as well as government institutions from the UK, US, Japan, Canada, Brazil, France, Switzerland, Norway, Finland, Sweden, South Africa, India, Thailand, South Korea and Australia.

The MSPs managed their clients’ application, network, and system infrastructure. Their compromise allowed for the infiltration of the victims’ networks.

In the Cloud Hopper campaign, Stone Panda targeted the MSPs of interest through spear-phishing emails, infecting them with Remote Access Trojans (RATs). In addition, they used dropper Trojans such as ARTIEF and malicious files such as FAKEMS, Microsoft Office documents which contain malicious code that exploits system vulnerabilities. Experts detected over 70 variants of backdoor families and Trojans involved in the Cloud Hopper campaign.

In order to maintain access to the compromised systems, Stone Panda used tools that stole legitimate credentials (with administrator privileges) used to access the MSP’s and its clients’ shared systems. This was also the technique that allowed Stone Panda to progress and gain deeper access to the MSP clients’ networks.

Stone Panda targeted more than high-value systems. It also infected non-mission-critical machines, later used to move laterally into the compromised systems, a deception aimed at avoiding awareness and detection by IT administrators. In addition, the attackers scheduled tasks or leveraged services in order to keep hold of a system even if it was rebooted. The stolen data in this espionage campaign was then sorted, compressed, and transferred from the MSP’s network to Stone Panda’s controlled infrastructure.

(Figure: attack flow, APT10 → MSPs → MSP customers → stolen data)


FANCY BEAR (APT 28)

Fancy Bear, a.k.a. APT 28, Pawn Storm, Sofacy Group, Sednit and STRONTIUM, is a state-supported hacking group associated with the Russian military intelligence agency GRU. The group has been known since 2007, and usually targets privileged information related to government, military, and security organizations. Among the Russian APT groups, Fancy Bear dominated in 2017, especially towards the end of the year.

Famous Attack

In November 2017, it became known that Fancy Bear was actively exploiting a newly discovered Microsoft Office vulnerability. Various widespread cyber-attack campaigns abused it in the wild to infect several organizations with malware.

Microsoft’s Dynamic Data Exchange (DDE) feature can be leveraged to perform code execution on the targeted device without requiring enabled macros or memory corruption. The DDE protocol is one of several methods that Microsoft uses to allow two running applications to share the same data, and it is used by plenty of Microsoft applications.

Fancy Bear hackers have leveraged the DDE vulnerability since October 2016. The campaign involved documents referencing the recent terrorist attack in New York in an attempt to trick victims into opening the malicious documents, which eventually infected their systems with malware. Since DDE is a legitimate Microsoft feature, most antivirus solutions do not flag a warning or block documents with DDE fields.
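Because the field itself is legitimate, the practical detection is to inspect the document rather than wait for an antivirus signature: a .docx is a zip of XML parts, and Word stores every field instruction in one or more <w:instrText> runs (or in a <w:fldSimple w:instr="..."> element), so a DDE or DDEAUTO instruction can be found by reassembling those runs paragraph by paragraph. The Python below is an added example, not code from the report or from IntSights; the two .docx containers it scans are constructed in memory (one with a benign DATE field, one with a DDEAUTO field carrying a placeholder command) so that it runs offline.

```python
import html
import io
import re
import zipfile
from typing import Dict, List

# A DDE field's instruction starts with DDE or DDEAUTO (Word is case-insensitive).
DDE_FIELD_RE = re.compile(r"\bDDE(?:AUTO)?\b", re.IGNORECASE)
# One WordprocessingML paragraph; a field's instruction never spans paragraphs.
PARA_RE = re.compile(r"<w:p[ >].*?</w:p>", re.DOTALL)
# Complex fields keep their instruction in one or more <w:instrText> runs ...
INSTR_TEXT_RE = re.compile(r"<w:instrText[^>]*>(.*?)</w:instrText>", re.DOTALL)
# ... simple fields keep it in the w:instr attribute.
FLD_SIMPLE_RE = re.compile(r'<w:fldSimple[^>]*?w:instr="([^"]*)"')


def field_codes_in_part(xml: str) -> List[str]:
    """Reassemble every field instruction in one XML part. Word splits a
    single instruction across several instrText runs, so the runs of a
    paragraph are joined before the text is inspected; a part without
    <w:p> elements is treated as one paragraph."""
    codes: List[str] = []
    paragraphs = PARA_RE.findall(xml) or [xml]
    for para in paragraphs:
        joined = "".join(INSTR_TEXT_RE.findall(para))
        if joined.strip():
            codes.append(html.unescape(joined).strip())
        for instr in FLD_SIMPLE_RE.findall(para):
            codes.append(html.unescape(instr).strip())
    return codes


def find_dde_fields(docx_bytes: bytes) -> Dict[str, List[str]]:
    """Scan every WordprocessingML part of a .docx (body, headers, footers,
    footnotes, ...) and return {part name: [DDE field instructions]}.
    An empty dict means no DDE field was found."""
    hits: Dict[str, List[str]] = {}
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not (name.startswith("word/") and name.endswith(".xml")):
                continue
            xml = zf.read(name).decode("utf-8", errors="replace")
            dde = [c for c in field_codes_in_part(xml) if DDE_FIELD_RE.search(c)]
            if dde:
                hits[name] = dde
    return hits


# --- constructed samples (not real documents) -------------------------------
_W_NS = 'xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"'


def _make_docx(document_xml: str) -> bytes:
    """Build the smallest zip container that looks like a .docx to the scanner."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", document_xml)
    return buf.getvalue()


# Benign: an ordinary DATE field.
BENIGN_DOCX = _make_docx(
    '<w:document ' + _W_NS + '><w:body><w:p>'
    '<w:r><w:fldChar w:fldCharType="begin"/></w:r>'
    '<w:r><w:instrText xml:space="preserve"> DATE \\@ "d MMMM yyyy" </w:instrText></w:r>'
    '<w:r><w:fldChar w:fldCharType="end"/></w:r>'
    '</w:p></w:body></w:document>'
)

# Suspicious: a DDEAUTO field whose instruction is split over two runs, the
# way Word writes it; the command is a placeholder, not a real payload.
DDE_DOCX = _make_docx(
    '<w:document ' + _W_NS + '><w:body><w:p>'
    '<w:r><w:fldChar w:fldCharType="begin"/></w:r>'
    '<w:r><w:instrText xml:space="preserve"> DDEAUTO </w:instrText></w:r>'
    '<w:r><w:instrText xml:space="preserve">c:\\\\placeholder\\\\app.exe &quot;arg&quot; </w:instrText></w:r>'
    '<w:r><w:fldChar w:fldCharType="end"/></w:r>'
    '</w:p></w:body></w:document>'
)

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_DOCX), ("dde", DDE_DOCX)):
        print(label, find_dde_fields(doc) or "clean")
```

The same scan applies to .dotx/.docm templates and, via the equivalent parts, to Outlook attachments extracted at the mail gateway; a hit is a reason to quarantine the file for analyst review rather than proof of malice, since legitimate DDE links do exist.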

In December 2017, it became known that Fancy Bear had also targeted hundreds of journalists. At least 200 journalists have been targeted in a long-term attack that started as early as 2014.

The list of victims included 50 New York Times journalists, a Washington Post columnist, and a Daily Beast reporter. Along with American journalists, the attackers also tried to hack Ukrainian and Russian media members. According to the journalists, they have experienced spear-phishing attacks for years in attempts to hack their networks and gain access to sources and information.

In 2017 Fancy Bear also hacked Google accounts belonging to US military officials and various journalists. In previous years, the group had been connected to the Hillary Clinton email leaks and the hack of the Olympic Games, among other campaigns and attacks.

In 2018 the “Fancy Bear” group opened a new front: it targeted and exploited one of the weak spots of the U.S. defense and intelligence departments, their contractors.

“Fancy Bear” targeted multiple sub-contractors who work for the U.S. defense and intelligence departments. The attack included sophisticated phishing attacks and exploited weak spots within the email systems of the U.S. defense and intelligence communities. It targeted sub-contractors who were working on secret projects such as “military drones”, “missiles” and others. This attack is simply the latest targeting U.S. military departments.

About the group:

Origin country: Russia
Other names: “Fancy Bear”, “Pawn Storm”, “Sofacy Group”, “Sednit”, “Strontium”, “Threat Group-4127”
Associated with: GRU (Russian military intelligence agency)
First seen: 2007
Famous attacks: “OpOlympics”, “Hillary Clinton – emails leak”, “Microsoft – DDE (Dynamic Data Exchange)”
TTPs: Spear Phishing, DDoS, Data Leakage


2018 Cyber Threat Actor and Motivation Predictions:

1. State-sponsored attacks will increase, as an act of warfare and terror. The usual suspects for state-sponsored attacks are North Korea, Iran, and Russia. These nations have much to gain by continuing their attempts to extort, steal, spy and disrupt Western nations by infiltrating information systems of the private sector, especially the financial services and service provider industries.

2. Supply-chain attacks will grow more popular. They will be incredibly sophisticated and possess wide threat arsenals including zero-day exploits and file-less attack tools, and will combine traditional hacking attacks with partnerships that include more sophisticated, specialized cyber-attack teams handling the exfiltration elements of an attack.

3. Attacks via compromised IoT devices will be more damaging. As of today, millions of connected IoT devices have little or no defense against hackers who want to gain control of them. In fact, it’s getting easier for hackers to take over an IoT device: all they have to do is purchase a botnet kit from the dark web and they are in business.

4. Mobile malware will become more sophisticated. In 2017 we saw hackers use this method to penetrate our almost defenseless devices. Most of the devices were infected through downloaded malicious applications.

5. Ransomware will keep its status as the future of financial attacks.

6. Cyberattacks as a Service will become a commodity and cheaper than ever, with each cyber-criminal with a specific skill-set becoming a ‘gun’ for hire. For example, one cyber-criminal may be experienced in building malware, another specialized in distributing it, and as a final service someone provides ‘herding’ services, meaning that all the devices infected by the malware are controlled and operated by the botnet herder. Cybercriminals, state actors, criminal organizations and even private individuals with malicious intent can use the CaaS (Cyber as a Service) model to perform successful cyberattacks.

7. Cyberattacks will be destructive and will cause more financial and operational impact on organizations. In 2018 we will see a rise in AI-based cyberattacks as cybercriminals begin using machine learning to spoof human behaviors. Security teams will need to step up and tune their own AI tools to better protect against the new threats.


About IntSights

IntSights is redefining cyber security with the industry’s first and only enterprise threat management platform that transforms tailored threat intelligence into automated security operations. Our ground-breaking data-mining algorithms and unique machine learning capabilities continuously monitor an enterprise’s external digital profile across the surface, deep and dark web, categorize and analyze tens of thousands of threats, and automate the risk remediation lifecycle, streamlining workflows, maximizing resources and securing business operations. This has made IntSights one of the fastest growing cyber security companies in the world. IntSights has offices in Tel Aviv, Amsterdam, New York and Dallas and is backed by Glilot Capital Partners, Blumberg Capital, Blackstone and Wipro Ventures. To learn more, visit www.IntSights.Com.