Botconf Author Listing

Federico Valentini


Last known affiliation: Cleafy
Bio: Federico Valentini is passionate about technologies in general, with a deep interest in cybersecurity, particularly in Penetration Testing, Vulnerability Assessment, Malware Analysis, and Social Engineering. He’s currently leading the Threat Intelligence Team and Incident Response at Cleafy, and oversees all the activities related to monitoring and uncovering new threats and attack patterns used by malicious actors.
  
Date: 2023-04-13
Operation drIBAN: insight from modern banking frauds behind Ramnit
Federico Valentini 🗣 | Alessandro Strino 🗣

Abstract

During the last three years, we have tracked and closely analyzed a specific TA that aims to infect Windows workstations in corporate environments in order to alter legitimate banking transfers performed by the victims. The main technique leveraged was the Automated Transfer System (ATS), enabled via custom web injects for changing the beneficiary and transferring money to an illegitimate bank account (money mule) controlled by themselves or affiliates, which is then responsible for handling and laundering the stolen funds. The critical component behind those fraud operations was one of the most advanced banking trojans, Ramnit.

Although Ramnit has already been described in the literature, our forefront position made it possible to understand the TA's behavior deeply and reconstruct the whole infection chain, which goes through the initial malspam campaign, an accurate selection of victims during the botnet construction, the Automatic Transfer System (ATS) technique for cash-out through wire transfers, and the final money laundering.
