Title
Abstract
TBA
Speaker
TBA
Stealth in the Shadows: Dissecting Earth Freybug's Recent Campaign and Operational Techniques
Abstract
In the evolving landscape of cybersecurity threats, Earth Freybug has emerged as a sophisticated adversary targeting organizations across a range of sectors, including notable activity within the Transportation, Manufacturing, and Chemical industries in the Asia-Pacific (APAC) region. This presentation will provide an overview of the group’s recent activities, focusing on their exploitation of critical vulnerabilities. Attendees will gain insights into Earth Freybug's malware arsenal, featuring key strains such as DEATHLOTUS, WINDJAMMER (also known as WINNKIT or the Winnti rootkit), SHADOWGAZE (also known as HIGHNOON), and CUNNINGPIGEON. These malware families contribute to the group's operations by facilitating initial access, enabling data exfiltration, and supporting lateral movement within compromised networks.
The presentation will delve into their sophisticated post-exploitation tactics, which involve employing layered strategies designed to maintain persistence and evade detection. Additionally, attention will be given to Earth Freybug's use of passive backdoor communication techniques, which limit outbound traffic and help maintain a low profile, thereby complicating detection and response efforts. By sharing their operational insights, this session aims to equip security professionals with the knowledge necessary to better detect and defend against this evolving threat landscape, ultimately enhancing their ability to safeguard their organizations from future attacks.
Speaker
Theo Chen
Leon Chang
Title
Abstract
TBA
Speaker
TBA
Behind the scenes of recent DarkPlum operations
Abstract
DarkPlum (publicly referred as Kimsuky, APT43) is a highly active cyber-espionage group linked to the Democratic People's Republic of Korea. Primarily, DarkPlum engages in espionage for military and diplomatic purposes, but it also conducts financially motivated attacks to fund its operations. Its main targets are government agencies and think tanks in South Korea and the United States, though it occasionally targets Japan. Since approximately March 2024, there have been continuous attacks on Japan.
In this presentation, we will begin by introducing three specific cases of attacks against Japan observed since March 2024. Following that, we will introduce the research methods we employ regularly. This includes sharing queries for gathering information on DarkPlum's attack infrastructure and malware using tools such as VirusTotal and Censys. Additionally, we have analysed large-scale network data to investigate relationships within DarkPlum's attack infrastructure, with the aim of uncovering the reality behind its operations. We will also provide examples of how this analysis can be applied to practical threat research and defence.
Speaker
Amata Anantaprayoon
Rintaro Koike
Kimsuky Wanna Be Your Social Network Friend
Abstract
This presentation focuses on Kimsuky, a North Korean government-sponsored cyber threat group, and their cyber espionage activities targeting South Korean Navy personnel in June 2024. Kimsuky utilized LinkedIn to profile key individuals in Navy communications and strategic defense sectors. Their main tactic involved social engineering, where they created fake personas based on real individuals with military backgrounds to gain the trust of victims. Initially, Kimsuky delivered spear-phishing messages through LinkedIn, which included Google Drive links leading to EGG files containing malicious JavaScript. In some instances, spear-phishing emails were also used. These malicious scripts were disguised as legitimate forms or inquiry documents, and when downloaded, PE malware was executed. The malware was obfuscated using VMProtect and RC4 encryption to hinder detection and reverse engineering efforts. Kimsuky’s June 2024 campaign targeting Navy personnel parallels their tactics in the 2021 Ministry of Foreign Affairs hack and the 2024 European defense industry attack, suggesting the same threat group was responsible. Kimsuky’s strategic interest in collecting intelligence on South Korean naval defense capabilities aimed to provide North Korea with critical information on maritime strategy and communication systems. Additionally, this presentation sheds light on Kimsuky’s operational security practices, such as using cryptocurrency for infrastructure and registering domains without personal verification, to enhance anonymity and evade detection. By analyzing their June 2024 campaign, this presentation offers valuable insights into Kimsuky’s evolving tactics, which are crucial for strengthening defenses against similar future cyber espionage activities.
Speaker
Hankuk Jo
Sangyoon Yoo
Jeonghee Ha
Follow the Clues: Everyday is lazarus.day
Abstract
The global cyber threat landscape is increasingly complex, with state-sponsored actors, cybercriminals, and hacktivists actively targeting various sectors. Cyber Threat Intelligence (CTI) firms play a vital role in tracking these actors and providing intelligence that security teams rely on to monitor threats. However, simply consuming CTI reports isn’t enough; security professionals must leverage CTI platforms, including open-source intelligence (OSINT), to proactively track and analyze threat actors. This presentation advocates for a proactive approach to threat intelligence, introducing key CTI platforms and strategies for building a comprehensive view of threat activities. A case study on Democratic People's Republic of Korea (DPRK) threat actors will illustrate this approach. Through the lazarus.day website, I’ve aggregated, analyzed, and tagged intelligence on DPRK actors, integrating OSINT for a full-spectrum analysis. This case underscores the value of combining multiple intelligence sources for effective threat tracking. Attendees will gain insights on optimizing CTI use for improved threat detection and response, enabling a strategic and proactive defense against evolving cyber threats.
Speaker
Jeonggak Lyu
Title
Abstract
TBA
Speaker
TBA
Evolution of Huapi Malware: Growing Focus on Edge Devices
Abstract
Huapi (aka BlackTech) is a China-nexus APT group that has been active for over a decade. In line with their ongoing threat landscape, this presentation offers an in-depth analysis of the evolution of Huapi’s malware, focusing on their increasing emphasis on targeting edge devices. We will examine three specific malware used by Huapi: SSHTD (aka ELF_PLEAD), Mabackdoor (aka Hipid), and Bifrost, detailing their evolution and technical characteristics. The analysis will cover incidents from 2022 to 2024 that targeted Taiwan and Japan. We will discuss the infection chains, such as the exploitation of the F5 vulnerability, as well as the execution flows of the malware. Our analysis will highlight recent updates to the malware, illustrating how these changes reflect Huapi’s evolving tactics, particularly their growing focus on edge devices. Additionally, we will outline Huapi’s C&C communication chain and provide an overview of their C&C infrastructure. Finally, we will conclude with recommended countermeasures and mitigation strategies.
Speaker
Yi-Chin Chuang
Yu-Tung Chang
Game of Emperor: Unveiling Long Term Earth Estries Cyber Intrusions
Abstract
Since 2023, Earth Estries (aka Salt Typhoon, FamousSparrow, GhostEmperor, and UNC2286) has emerged as one of the most aggressive Chinese APT groups, primarily targeting critical industries such as telecommunications and government entities in the United States, the Asia-Pacific region, the Middle East, and South Africa. We will highlight their evolving attack techniques and analyze the motivations behind their operations, providing insights into their long-term targeted attacks. A key finding from our recent investigation is the discovery of a new backdoor, GHOSTSPIDER, identified during attacks on Southeast Asian telecom companies. We will explore the technical details of GHOSTSPIDER, its impact across multiple countries, and interesting findings from tracking its C&C infrastructure. We have also uncovered the group’s use of SNAPPYBEE (aka Deed RAT), another tool shared among Chinese APT groups. Additionally, we believe the threat actor used SoftEther VPN to establish their operational networks, complicating efforts to track their activities. Our analysis suggests that Earth Estries is a well-organized group with a clear division of labor. Based on observations from multiple campaigns, we speculate that attacks targeting different regions and industries are launched by different actors, further highlighting the complexity of the group's operations.
Speaker
Leon Chang
Theo Chen
Observation of phishing criminal groups related to illegal money transfers and Mizuho Bank's countermeasures -Fighting against phishing site malware 'KeepSpy'-
Abstract
In 2023, the National Police Agency announced that there were 5,578 cases of unauthorized money transfers related to Internet banking, with a total loss of approximately 8.7 billion yen, the highest number ever recorded. The situation remained the same in 2024, and financial institutions were still under threat from unauthorized money transfers. Mizuho Bank has been observing phishing sites and malware on a daily basis and is implementing measures to prevent unauthorized money transfers. There are several criminal groups targeting Mizuho, each with their own unique features in terms of phishing site design and methods of luring victims (e.g. email, SMS, etc.). The group using SMS is particularly tricky, having succeeded in making large amounts of fraudulent transfers, and urgent countermeasures are required. The SMS messages sent by the criminal group impersonating banks and other organizations use an Android malware called KeepSpy, which is designed to send SMS messages to third parties when it receives a command from the C2 server. To reduce the damage caused by fraudulent transfers, it is necessary to detect the sending of SMS messages to third parties as soon as possible and take down the phishing sites.
Mizuho investigated and analyzed KeepSpy and phishing sites used by the criminal group that abuses SMS. Based on the results, Mizuho developed a tool to capture SMS transmission commands from C2 servers and a phishing domain monitoring tool using Certstream. Using these tools, it is now possible to detect phishing sites when they are set up and to detect SMS transmission to third parties at an early stage.
This presentation introduces the threats and characteristics of criminal groups that performed unauthorized money transfers, the process of taking down phishing sites at Mizuho, and the mechanisms to detect the launch of criminal groups’ phishing sites and SMS transmissions using SMS.
In addition, practical knowledge that participants can apply to their own companies will be presented, with a discussion on the issues that financial institutions should address in the future.
Speaker
Hiroyuki Yako
Tsukasa Takeuchi
Takuya Endo
Title
Abstract
TBA
Speaker
TBA
Active Monitoring and Response to User Credential Leaks
Abstract
In traditional phishing, attackers targeted a wide range of people and stole personal information, particularly credentials for major websites and credit card information. However, there was a change in the TTPs used by attackers in a certain industry recently. In the initial breach, the attacker sent InfoStealer-type malware to the company’s employees, used the credentials obtained by the Stealer to penetrate the web service, and then set up phishing via the web service to steal credit card information from users.
InfoStealer collects various useful information, such as credentials and autocomplete data stored in the browser of an infected device, which means that the attack does not only affect specific sites or services, but can be used to compromise any web service once the data set has been created. Some actors create this data set themselves, while others use publicly available data sets to compromise web services.
Unlike conventional list-type attacks, it is extremely difficult for web service providers to detect unauthorized access because the credentials used to access the site are highly accurate. Even if it is detected, password reset is not a reliable countermeasure because malware may still be on the device.
In addition, it is thought that these threats and TTPs are not limited to specific industries. The presenters have been actively monitoring data sets leaked by InfoStealer on the dark web and Telegram, and they have also been trying to prevent attacks using the Stealer data sets on industries with the same business structure. In this talk, they will share their efforts to deal with InfoStealer infections, with specific examples and case studies.
Speaker
Yuji Ino
Masaki Yoshikawa
Title
Abstract
TBA
Speaker
TBA
Title
Abstract
TBA
Speaker
TBA
Title
Abstract
TBA
Speaker
TBA
Title
Abstract
TBA
Speaker
TBA
Operation AkaiRyū: MirrorFace invites Europe to EXPO 2025 and revives ANEL backdoor
Abstract
In August 2024, we detected cyberespionage activity carried out by the MirrorFace APT group against a Central European diplomacy institute in relation to EXPO 2025, which will be held in Japan. This is the first time that we have observed MirrorFace targeting an entity based in Europe. The attack followed the same pattern observed throughout 2024. We named the series of the attacks “Operation AkaiRyū”. In our presentation, we go through the whole compromise chain, thoroughly explaining all the stages. Starting with the spearphishing email messages, we describe how MirrorFace managed to trick one of its targets to open the linked malicious file. Next, we explain the process of the ANEL backdoor’s deployment, which MirrorFace has started using as the first-line backdoor. We continue the presentation with a description of the subsequent deployment of HiddenFace and related loaders, alongside other auxiliary tools necessary to fulfill MirrorFace’s objectives. This includes establishing Visual Studio Code remote tunnels to maintain stealthy remote access. Further, we discuss MirrorFace’s operational security improvements introduced in 2024. Finally, we discuss the relationship between the groups APT10 and MirrorFace.
Speaker
Dominik Breitenbacher
Hack The Sandbox: Unveiling the Truth Behind Disappearing Artifacts
Abstract
From 2023 to 2024, the attack campaign by the notorious APT group "APT10" (also known as MirrorFace, Earth Kasha) has been observed, in which "LilimRAT" and "NOOPDOOR" were used as payloads in second-stage. These malwares are specifically intended and designed to execute within Windows Sandbox environment.
Windows Sandbox is available in Windows 10 Pro or later versions. It is designed and implemented as an ephemeral virtual environment to test applications. When the sandbox is closed, all data within it is deleted, which typically does not affect the host system. However, using a configuration file, the sandbox can be configured to access the host system or other networks and to execute arbitrary commands at sandbox startup.
In this campaign, Windows Sandbox was abused in an attempt to evade detections by security products and to obstruct forensic investigations. Given the complexities of implementing countermeasures and investigations, there are significant risks that similar techniques might be adopted in targeted attacks and other cyberattacks.
In this presentation, we will provide in-depth investigation results of Windows Sandbox based on the analysis of the attacks observed in the wild and the forensic artifacts. Additionally, we will cover key insights for monitoring and investigation from a blue team perspective.
Speaker
Satoshi Kamekawa
Shuhei Sasada
Yusuke Niwa
Handling Threat Intelligence: Techniques of Consuming and Creating Threat Intelligence
Abstract
To prevent APT actors from conducting attacks and to avoid similar attacks, it is important to collect and analyze various information on attack groups and its methods, and to use this information to develop “threat intelligence” that can be used for prevention and detection. It is also possible to promote early warning by analyzing the attack methods and sharing created threat intelligence within and outside the organization.
You may think of malware analysis, vulnerability analysis, and forensic analysis when you talk about attack method analysis. However, how do you use the information gained from analysis to prevent and detect attacks? In this workshop, you will learn how to analyze and understand the attack methods used by actors, based on the information uncovered through malware analysis, forensic analysis, etc., using the MITRE ATT&CK framework and other methods. In addition, you will learn about techniques for creating IOCs useful for prevention and detection, how to apply them to threat hunting, penetration testing, and detection engineering, and consideration of countermeasures.
This workshop covers two aspects of threat intelligence for those new to the field. First, we will introduce the theoretical foundations of threat intelligence and explain key concepts such as definitions and types of intelligence, and the intelligence cycle. Second, we will focus on techniques for generating and utilizing threat intelligence. Specifically, you will learn about Tactical Intelligence, which generates and applies Indicators of Compromise (IOCs), and Operational Intelligence, which analyzes attackers’ tactics, techniques, and procedures (TTPs) based on MITRE ATT&CK framework. You will also learn about techniques that can be applied to enhance security operations, such as threat hunting, purple teaming, and detection engineering, based on the knowledge you acquire.
Speaker
Tomohisa Ishikawa
Tatsuya Daitoku
Hiroyuki Tomiyama
Requirements
- Laptop with Internet access
Advance Preparation
-
The following tools must be available on the laptop:
- Web browser with no viewing restrictions, etc.
- Spreadsheet application (e.g. Microsoft Excel)
- SSH and RDP connections
Skills
- Ideally, you should be able to use basic Linux commands (as you will be asked to execute some commands on the Linux instance).
Notes
This talk is not translated into English.
Introduction to Analyzing Malware Anti-Analysis Features Using IDA and Ghidra Plugin
Abstract
Malware developers implement anti-analysis functions. When debuggers and other tools are detected, the malware may stop operating or behave in a way that confuses the analyst to make analysis difficult. There are various methods for implementing anti-analysis functions, and in large-scale email distribution campaigns and ransomware, VM detection, breakpoint detection, and time difference detection are often employed. In this workshop, “AntiDebugSeeker”, a plugin that automatically extracts anti-analysis functions, will be used. This plugin can be used with IDA and Ghidra, and is compatible with PE file malware. Through the GUI, it is easy to understand anti-analysis functions, and even for anti-analysis functions that you have never seen before, the explanation function will help you understand the overview and consider how to handle them. In addition, you can freely customize the detection rules, allowing you to customize not only the anti-analysis function but also the detection range according to your preference.
https://github.com/LAC-Japan/IDA_Plugin_AntiDebugSeekerhttps://github.com/LAC-Japan/Ghidra_AntiDebugSeeker
This workshop will introduce tools and provide exercises and explanations for each sample, aimed at those who have just started analyzing malware or learning about anti-analysis functions. The focus will be on solving anti-analysis functions, as well as the accompanying elements of malware analysis. Explanations will be given using two different methods, one for IDA users and the other for Ghidra users.
Speaker
Takahiro Takeda
Requirements
- Laptop with Internet access
Advance Preparation
-
Install the following on a Windows OS in a virtual environment:
- Ghidra 11.0.1 (to be used in the virtual environment described above) + Ghidra_AntiDebugSeeker (Please refer to the section on "Ghidra Extension How to Setup and Execute" on GitHub for information on how to add AntiDebugSeeker to Ghidra.)
- IDA Pro (if you normally use it) + IDA_AntiDebugSeeker
- x32dbg
- x64dbg
- ProcessHacker, or something else that can show you the running processes.
Skills
-
Minimum required skills:
- You can build a secure environment for malware analysis by yourself. Recommended skills:
- You have analyzed malware using Ghidra before.
- You have performed simple dynamic analysis before.
- You have performed dynamic analysis using a debugger before.
Notes
This talk is not translated into English.
LIGHTNING TALK SESSION
Slot #1
Title: TBA
Speaker: TBA
Slot #2
Title: TBA
Speaker: TBA
Slot #3
Title:
Speaker: TBA
Slot #4
Title:
Speaker: TBA
Slot #5
Title:
Speaker: TBA
Title
Abstract
TBA
Speaker
TBA
Requirements
- TBA
Advance Preparation
- TBA
Skills
- TBA
Name
Details
Details
Rintaro Koike
NTT Security Holdings
Rintaro Koike is a security analyst at NTT Security Holdings. He is engaged in threat research and malware analysis. In addition, he is the founder of "nao_sec" and is in charge of threat research. He focuses on APT attacks targeting East Asia and web-based attacks. He has been a speaker at VB, SAS, Botconf, AVAR and others.
Amata Anantaprayoon
NTT Security Holdings
Amata Anantaprayoon is a security analyst at NTT Security Holdings and specializes in real-time threat detection, incident response, detection engineering, and cyber threat research. Amata regularly shares his insights at leading conferences such as Virus Bulletin as well as at closed events as a key member of NTT´s Threat Intelligence research community.
Hiroyuki Yako
Mizuho Financial Group, Inc.
Hiroyuki joined Mizuho Financial Group, Inc. in 2017 after working for a security company as a consultant. As a member of its CSIRT, he is engaged in a wide range of operations from incident handling, SOC management and planning to threat intelligence. He is also responsible for security measures against phishing and unauthorized Internet banking transactions.
Tsukasa Takeuchi
Mizuho Financial Group, Inc.
Tsukasa joined Mizuho Financial Group, Inc. in 2014. After working in its sales department in some local branches and engaged in planning/operation of customer products (mainly Internet banking), he moved to the current cyber security position. He first started with the overall security for the Internet banking system and currently oversees cyber security incident response including phishing.
Takuya Endo
Mizuho Financial Group, Inc.
Takuya joined Mizuho Financial Group, Inc. in 2020. In his previous position, he worked as a malware and forensic analyst as well as SOC operation lead. At present, he is in charge of log investigation and malware analysis, while operating and developing its threat intelligence collection system.
Hankuk Jo
NSHC
Hankuk Jo is a researcher at the Threat Research Lab of NSHC, specializing in cybersecurity and threat intelligence. He is passionate about sharing his insights and primarily focuses on analyzing the tactics, techniques, and procedures (TTPs) employed by cyber attackers, leveraging threat intelligence data.
Sangyoon Yoo
NSHC
Sangyoon Yoo is a seasoned professional in the field of cyber threat intelligence and research, currently working at the Threat Research Lab of NSHC. With a strong background in analyzing and researching various cybersecurity threats, Sangyoon has developed expertise in threat intelligence, game hacking tools, and malware analysis.
Jeonghee Ha
NSHC
Jeonghee Ha is a researcher at the Threat Research Lab of NSHC. Previously, JeongHee worked as an Incident Response Analyst and also has experience in CERT, analyzing threat events and providing first response. Jeonghee is primarily interested in threat data related to cybercrime groups and has a strong interest in digital forensic techniques.
Takahiro Takeda
LAC Co., Ltd
Takahiro is a malware analyst at Cyber Emergency Center in LAC Co., Ltd. He teaches at LAC Security Academy and authors some related publications. He has presented at international conferences such as PACSEC, AVAR, HITCON, Virus Bulletin and Black Hat USA Arsenal.
Theo Chen
Trend Micro
Theo Chen is a Senior Threat Researcher at Trend Micro, bringing over five years of comprehensive experience in the cybersecurity domain. His areas of expertise include penetration testing, malware analysis, and threat hunting, with a strong focus on understanding and mitigating advanced cyber threats. Throughout his career, Theo has been involved in multiple initiatives aimed at strengthening organizational security, focusing on detecting advanced threats and designing proactive defense strategies. Currently, He specializes in tracking APT groups, particularly those associated with Chinese-speaking actors. His work involves in-depth analysis of emerging cyber threats and TTPs employed by these sophisticated adversaries.
Leon Chang
Trend Micro
Leon Chang is a Senior Threat Researcher at Trend Micro. His major areas of research include APT campaign tracking, threat intelligence and malware analysis. He has also been a speaker at international conferences, including Black Hat Asia 2022, JSAC 2021/2022, CYBERSEC and AISA, etc.
Jeonggak Lyu
Financial Security Institute
He is the CSIRT Lead at the Financial Security Institute in South Korea, with over two decades of experience in cybersecurity focused on the financial sector. His expertise spans vulnerability assessments, penetration testing, security operations, and incident response, ensuring robust defenses against evolving cyber threats. Beyond his primary role, he actively tracks Democratic People's Republic of Korea (DPRK) state-sponsored threat actors as a personal side project, managing the website lazarus.day and the X (formerly Twitter) account lazarusholic, where he shares in-depth analysis and insights on these cyber adversaries.
Yi-Chin Chuang
TeamT5
Yi-Chin Chuang is a threat intelligence researcher at TeamT5. She is passionate about reverse engineering and malware analysis. Her current research focuses on APT threats within the APAC region. She has shared her research findings at Underground Economy, JSAC, CYBERSEC, and TAS.
Yu-Tung Chang
TeamT5
Yu-Tung Chang is a Threat Intelligence Researcher from TeamT5. He is interested in reverse engineering, vulnerability exploiting and malware analysis. He was engaged in network attacks research and rule writing. Currently, his research focuses on cyber threat intelligence in the East Asia region. He has spoken at Code Blue, TAS and JSAC.
Satoshi Kamekawa
ITOCHU Cyber & Intelligence Inc.
Satoshi engages in incident response and threat analysis at ITOCHU Cyber & Intelligence Inc.
Shuhei Sasada
ITOCHU Cyber & Intelligence Inc.
Shuhei engages in incident response and threat analysis at ITOCHU Cyber & Intelligence Inc.
Yusuke Niwa
ITOCHU Cyber & Intelligence Inc.
Yusuke engages in incident response and threat analysis at ITOCHU Cyber & Intelligence Inc.
Yuji Ino
Recruit Co.
Yuji joined Recruit Technologies Co.,Ltd in 2016. As a member of Recruit-CSIRT, he leads security incident response in Recruit. In April 2021, he launched the Cybercrime Countermeasures Group, specializing in analysis and investigation of fraudulent credit card use and spoofed logins for the purpose of cybercrime countermeasures. CISSP, GCIH, GCTI, GNFA.
Masaki Yoshikawa
Recruit Co.
Masaki is engaged in vulnerability assessment and penetration testing at Recruit Co. Currently, he focuses on security incident response, monitoring and threat hunting at Recruit-CSIRT.
Dominik Breitenbacher
ESET
Dominik is a malware researcher at ESET. Coming from academia, he joined ESET in 2019 to help track the activities of APT groups with a particular focus on the China-aligned group MirrorFace. He previously presented at AVAR and also at JSAC 2024. In his spare time, he plays video games and watches bad movies.
Tomohisa Ishikawa
Tokio Marine Holdings, Inc.
Tomohisa has experienced penetration testing, security audit and incident response at a security company since 2009. Currently, at Tokio Marine Holdings, Inc., he specializes in security strategy planning, security architecture, threat intelligence analysis and incident response. He is a committee member for the Information-Technology Engineers Examination and Registered Information Security Specialist Examination, as well as a Cyber Security Expert at the Ministry of Internal Affairs and Communications. He also authors and translates some technical publications.
Tatsuya Daitoku
Tokio Marine Holdings, Inc.
Tatsuya was a Technical Official at the National Police Agency for 16 years, specializing in cyber crime and cyber terrorism. While seconded to the Metropolitan Police Department, he dealt with international criminal organizations. After moving to a security company, he was involved in forensics, intelligence and training for government agencies. Since 2022, he oversees security operations, incident response and security measures for local and overseas group companies at Tokio Marine Holdings, Inc.
Hiroyuki Tomiyama
Tokio Marine Holdings, Inc.
Hiroyuki started his career at Tokio Marine Nichido Systems in 2009. He had been tasked with cyber security measures for its group companies in 2016. Being seconded to Tokio Marine Holdings, Inc. since 2023, he is now responsible for security measures for the CSIRT and both local and overseas group companies. OSCP, CISSP, CISA, RISS and ITILv3Expert.