This talk will focus on Facebook’s approach to disrupting persistent cyber threat groups on our platform, with an emphasis on how we think about deterrence, attribution, and publicity around this work. We will start by laying out the deterrent levers that our teams have to address adversarial networks. We will then discuss how we mitigate these networks on our platforms and how we engage with others on these problems.
Though our teams work on a variety of advanced threat actors, we will focus on cyber-espionage adversaries and their goals, and how we determine the most impactful route to disruption. We will illustrate this work with three recent public examples of our cyber-espionage takedowns: Ocean Lotus (Vietnam), Earth Empusa (China), and Tortoiseshell (Iran). We will review the victimology and TTPs related to all three groups, and discuss why we believe it was beneficial to make these disruptions public.
Finally, we will start the conversation around the effects of these types of disruptions on the adversaries that we’ve observed.