Schoolbell and the Kingslayer

Kent Backman

In this report, Mr. Backman will describe the investigation by RSA researchers into the threat actor infrastructure behind a global espionage-related network of thousands of infected servers, dubbed “Schoolbell.”  In the course of the Schoolbell investigation, RSA uncovers “Kingslayer”, a sysadmin-targeting software supply-chain attack that otherwise would have gone unnoticed.  This talk is recommended for sysadmins, and conference attendees interested in cyber espionage.  Because Schoolbell and Kingslayer research is ongoing, expect late-breaking information to be dropped first at Countermeasure.