HeadCrab is a highly elusive and sophisticated malware created by an advanced threat actor who utilized custom-made Redis Modules and APIs to build a full-scale malicious framework. Since 2021, the highly advanced malware has deployed several highly technical novel techniques which allowed it to infiltrate servers worldwide. It was evident that the threat actor made operational security a top priority, with several hiding techniques including specifically bypassing security solutions.

In this session, we will share with you a rare and fascinating story of the attack, the tactics we employed to communicate with the attacker, and our technical analysis of both the malware and the persistent tool. We will delve into the malware's 50+ malicious capabilities, including its use of custom Redis commands as communication methods, overwriting Redis commands to avoid detection and fileless attacks to remain hidden. We will also disclose never-before-seen information about a new variant of the malware and the changes the threat actor made to avoid detection.

Furthermore, we will walk you through our investigation of the command-and-control infrastructure of both variants, which led to the discovery that over 2,000 compromised servers were being used as a botnet to help the attacker stay anonymous.

Join us for a captivating and insightful session, getting a glimpse into this advanced operation and the mind behind it.

Key Takeaways:

• HeadCrab Sophistication: How this advanced malware was crafted with custom tools for stealthy operations.
• Evasion Techniques: Insights into the unique methods used to evade detection and maintain a low profile on infected servers.
• Global Impact: Learn about the extensive reach of HeadCrab malware, which commandeered a botnet of over 2,000 servers, showcasing its capacity as a pervasive cybersecurity threat.