<— Back

Clustering Malicious File Hosting in APAC (and Beyond!)

Where do threat actors choose to host their malware, and what does that reveal about their operations?

This talk presents an infrastructure-centric analysis of malicious file hosting across the Asia-Pacific region, based on long-term telemetry, and ASN-level clustering. By combining flow metadata and global routing intelligence, we identify persistent patterns in where malicious files are staged, how threat actors leverage regional infrastructure, and whether victims are primarily regional or global in scope.

Outline:

Drawing on data from dozens of countries and hosting providers, we explore:

• Clusters of abused ASNs and netblocks used to stage or distribute malware
• Trends in the geographic concentration of malware-hosting infrastructure within APAC
• How hosting choices correlate (or not) with victim geography
• Infrastructure reuse and behavioral signatures over time

We also highlight positive examples of regional cooperation between hosting providers, CERTs, and law enforcement, particularly work done in support of INTERPOL and other multilateral efforts to mitigate infrastructure abuse.

Rather than focusing on individual malware families, this talk emphasizes the underlying infrastructure that enables them. Attendees will gain insight into how infrastructure telemetry can support early threat detection, identify long-lived abuse platforms, and inform takedown efforts.

This talk is intended for analysts, researchers, and defenders looking to enhance their threat hunting and intelligence capabilities with a network and infrastructure-first perspective particularly those concerned with protecting users and infrastructure in the Asia-Pacific region.