Federal Agent Bethany Fuller
[Australian Federal Police]
Bethany joined the Australian Federal Police (AFP) in 2013 and has worked in a diverse range of portfolios including Aviation, Intelligence and National Operations.
In 2016, Bethany transferred from investigations to intelligence and successfully achieved the AFP's first Diploma of Intelligence. She subsequently worked with the Joint Counter Terrorism Teams and deployed to Queensland in 2018, serving in the Joint Intelligence Group for the Commonwealth Games.
In June 2018, she commenced in her current role as an investigator with Cybercrime Operations in Canberra, and she is the Case Officer for Operation Cepheus, the AFP’s investigation into Imminent Monitor.
Bethany has completed studies in forensics and holds a B.A. in Security Terrorism and Counterterrorism.
Imminent Monitor - a RAT Down Under
Technical Level (3 being the highest score): 2
Imminent Monitor is a commodity RAT (Remote Access Tool/Trojan), offered for sale since 2012. We have collected over 65,000 samples of Imminent Monitor malware, and observed it used in attacks against over 115,000 Palo Alto Networks customers.
Over 2 years ago, Palo Alto Networks Unit 42 identified the actor behind this RAT, an Australian, and referred the matter to the US Federal Bureau of Investigation (FBI) and the Australian Federal Police (AFP).
This presentation will detail this RAT and lift the veil of purported legitimacy from its features. We'll share how Unit 42 identified the author, allowing us to refer the matter to law enforcement. The AFP subsequently worked together with Europol and over a dozen national law enforcement agencies, going after not only the author but also his co-conspirators and, notably, the customers of his malware, in a coordinated action in late November 2019, which continues to this day.
This is a case study of the value and success made possible by public/private partnerships and international law enforcement cooperation.
Reference links:
https://unit42.paloaltonetworks.com/imminent-monitor-a-rat-down-under/
https://www.afp.gov.au/news-media/media-releases/rat-trap-international-cybercrimeinvestigation-shuts-down-insidious
https://www.europol.europa.eu/newsroom/news/international-crackdown-rat-spywarewhich-takes-total-control-of-victims’-pcs