Put Down Your Dukes: Hunting For Hacking Group APT 29/APT 37/APT 40's Covert Data Exfiltration
What do APT 29, APT 37, and APT 40 have in common? They all have capabilities that use steganography (MITRE ATT&CK technique T1027.003) for command and control. This edition of #TechTalkTuesday will cover what steganography is, why it matters, how it works, and how to defend and hunt for it.
SNSCat talk from ShmooCon/Black Hat 2012 by Solomon Sonya & Dan Gunter:
https://www.youtube.com/watch?v=-SNtYdJ3B9s
ESET Research Paper on Operation Ghost:
https://www.welivesecurity.com/2019/10/17/operation-ghost-dukes-never-left/