Four Foreign Forces: A CTI Analysis of APTs Targeting the U.S.
Abstract:
This paper analyzes the cyber threat landscape posed by advanced persistent threats (APTs) attributed to China, Iran, North Korea, and Russia. It focuses on active groups and their cyber activities targeting the United States. Utilizing cyber threat intelligence data from authoritative sources such as the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), Mandiant, and MITRE, this study identifies twelve key APT groups attributed to the four adversarial nations and creates a quick profile for each nation and group. It explores the common techniques and sub-techniques employed by each nation and then across all four nations. Examination of these nations, groups, and techniques then informs a list of six actionable mitigations that will efficiently enhance cybersecurity defenses against these adversarial groups: User Training, Restrict Web-Based Content, Privileged Account Management, Network Intrusion Prevention, Execution Prevention, and Antivirus/Antimalware.
AUTHORS
Old Dominion University
Norfolk, Virginia, United States of America
Bryon Miller works full time as the director of the Computer Sciences Division at Northeast Alabama Community College, where he also teaches cybersecurity coursework and coaches esports teams that compete nationally. He is an Allied Faculty Instructor for the University of Mount Olive, where he teaches computer information systems and cybersecurity courses. He works on call for the Center for Cybersecurity Research and Engineering at the University of Alabama in Huntsville as a Research Engineer. He is also a Trainer for ISACA, where he teaches the Certified in Emerging Technology curriculum. Miller lives in Scottsboro, Alabama with his wife, two children, and their many pets. He obtained his BS in Psychology from Liberty University, his MBA in Information Systems from the University of North Alabama, and his MS in Cybersecurity from Old Dominion University. He is currently a PhD candidate for the Information Technology/Cyber Engineering degree at University of the Cumberlands. He is an award-winning researcher with publications in peer-reviewed journals focused on information systems and cybersecurity. He is an active member of academic organizations such as Beta Gamma Sigma and Phi Kappa Phi and cybersecurity organizations including Cyber Huntsville, ISACA, ISSA, and others.
Published In
Journal of Information Warfare
The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.