Advanced Persistent Threat

Four Foreign Forces: A CTI Analysis of APTs Targeting the U.S.

Abstract:

This paper analyzes the cyber threat landscape posed by advanced persistent threats (APTs) attributed to China, Iran, North Korea, and Russia. It focuses on active groups and their cyber activities targeting the United States. Utilizing cyber threat intelligence data from authoritative sources such as Cybersecurity and Infrastructure Security Agency (CISA), Office of the Director of National Intelligence (ODNI), Mandiant, and MITRE, this study identifies twelve key APT groups attributed to the four adversarial nations and creates a quick profile for each nation and group. It explores the common techniques and sub-techniques employed by each nation and then across all four nations. Examination of these nations, groups, and techniques then informs a list of six actionable mitigations that will enhance cybersecurity defenses targeting these adversarial groups in an efficient manner: User Training, Restrict Web-Based Content, Privileged Account Management, Network Intrusion Prevention, Execution Prevention, and Antivirus/Antimalware.

Published In

Volume 23, Issue 4

Written By

Bryon Miller

Towards Improving APT Mitigation: A Case for Counter-APT Red Teaming

Abstract:

Vulnerabilities leveraged by Advanced Persistent Threats (APTs) that ultimately allow them to gain access to critical data and unveil private information are often far removed from the portions of the security environment where initial access is gained. This paper presents a defensi- ble scholarly decomposition of the red-team process itself and discusses how traditional red-team assessments may not be the most effective solution for emulating APT threats and mitigating their impacts.

Published In

Volume 18, Issue 1

Written By

J.G. Oakley

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Keywords

(

2

3

4

8

9

A
AI
APT

a

B

C
C2
C2S
CDX
CIA
CIP
CPS

D
DNS
DoD
DoS

E

e

F

G

H

I
IA
ICS

i

J

K

L

M

N

O

P
PDA

Q

R

S
SOA

T

t

U

V

W

X
XRY

Y

Z

Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

SUBSCRIBE NOW

Get in touch

Registered Agent and Mailing Address

  • Journal of Information Warfare
  •  ArmisteadTEC
  • Dr Leigh Armistead, President
  • 1624 Wakefield Drive
  • Virginia Beach, VA 23455

 757.510.4574

 JIW@ArmisteadTec.com