Ryo Minakawa

Ryo is a malware and intelligence analyst at NTT DOCOMO Business, where he is currently responsible for attack surface and vulnerability information management at NTTCom-SIRT.

Some of his research has been presented at JSAC (2023, 2024), BSides Las Vegas 2024, AVTOKYO 2024, and Botconf 2025.

Ghost in the 7‑Zip: The Shadow of Residential Proxies Creeping into Your Life

In January 2026, a security incident involving a fraudulent 7-Zip installer caused a significant stir in Japan. Analysis of sample submissions and query patterns on VirusTotal confirms that a wide range of organizations across the country were impacted by this campaign.

In this talk, I will dissect the attack campaign utilizing the fake 7-Zip installer and explore related operations linked to the same threat actor. I will specifically focus on the residential proxy networks being built behind these attacks and detail the methodologies used to investigate them. Furthermore, while fake installer incidents are often oversimplified as mere “stepping stone” compromises, I will provide a clear, step-by-step perspective on the technical evolution of the attack and the real-world consequences as the operation unfolds.