Advanced persistent threat

Last updated

An advanced persistent threat (APT) is a stealthy threat actor, typically a state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. [1] [2] In recent times, the term may also refer to non-state-sponsored groups conducting large-scale targeted intrusions for specific goals. [3]

Contents

Such threat actors' motivations are typically political or economic. [4] Every major business sector has recorded instances of cyberattacks by advanced actors with specific goals, whether to steal, spy, or disrupt. These targeted sectors include government, defense, financial services, legal services, industrial, telecoms, consumer goods and many more. [5] [6] [7] Some groups utilize traditional espionage vectors, including social engineering, human intelligence and infiltration to gain access to a physical location to enable network attacks. The purpose of these attacks is to install custom malware (malicious software). [8]

APT attacks on mobile devices have also become a legitimate concern, since attackers are able to penetrate into cloud and mobile infrastructure to eavesdrop, steal, and tamper with data. [9]

The median "dwell-time", the time an APT attack goes undetected, differs widely between regions. FireEye reported the mean dwell-time for 2018 in the Americas as 71 days, EMEA as 177 days, and APAC as 204 days. [5] Such a long dwell-time allows attackers a significant amount of time to go through the attack cycle, propagate, and achieve their objectives.

Definition

Definitions of precisely what an APT is can vary, but can be summarized by their named requirements below:

History and targets

Warnings against targeted, socially-engineered emails dropping trojans to exfiltrate sensitive information were published by UK and US CERT organisations in 2005. This method was used throughout the early 1990s and does not in itself constitute an APT. The term "advanced persistent threat" has been cited as originating from the United States Air Force in 2006 [13] with Colonel Greg Rattray cited as the individual who coined the term. [14]

The Stuxnet computer worm, which targeted the computer hardware of Iran's nuclear program, is one example of an APT attack. In this case, the Iranian government might consider the Stuxnet creators to be an advanced persistent threat.[ citation needed ] [15]

Within the computer security community, and increasingly within the media, the term is almost always used in reference to a long-term pattern of sophisticated computer network exploitation aimed at governments, companies, and political activists, and by extension, also to ascribe the A, P and T attributes to the groups behind these attacks. [16] Advanced persistent threat (APT) as a term may be shifting focus to computer-based hacking due to the rising number of occurrences. PC World reported an 81 percent increase from 2010 to 2011 of particularly advanced targeted computer attacks. [17]

Actors in many countries have used cyberspace as a means to gather intelligence on individuals and groups of individuals of interest. [18] [19] [20] The United States Cyber Command is tasked with coordinating the US military's offensive and defensive cyber operations. [21]

Numerous sources have alleged that some APT groups are affiliated with, or are agents of, governments of sovereign states. [22] [23] [24] Businesses holding a large quantity of personally identifiable information are at high risk of being targeted by advanced persistent threats, including: [25]

A Bell Canada study provided deep research into the anatomy of APTs and uncovered widespread presence in Canadian government and critical infrastructure. Attribution was established to Chinese and Russian actors. [28]

Life cycle

A diagram depicting the life cycle staged approach of an advanced persistent threat (APT), which repeats itself once complete. Advanced persistent threat lifecycle.jpg
A diagram depicting the life cycle staged approach of an advanced persistent threat (APT), which repeats itself once complete.

Actors behind advanced persistent threats create a growing and changing risk to organizations' financial assets, intellectual property, and reputation [29] by following a continuous process or kill chain:

  1. Target specific organizations for a singular objective
  2. Attempt to gain a foothold in the environment (common tactics include spear phishing emails)
  3. Use the compromised systems as access into the target network
  4. Deploy additional tools that help fulfill the attack objective
  5. Cover tracks to maintain access for future initiatives

In 2013, Mandiant presented results of their research on alleged Chinese attacks using APT method between 2004 and 2013 [30] that followed similar lifecycle:

In incidents analysed by Mandiant, the average period over which the attackers controlled the victim's network was one year, with longest – almost five years. [30] The infiltrations were allegedly performed by Shanghai-based Unit 61398 of People's Liberation Army. Chinese officials have denied any involvement in these attacks. [32]

Previous reports from Secdev had previously discovered and implicated Chinese actors. [33]

Mitigation strategies

There are tens of millions of malware variations, [34] which makes it extremely challenging to protect organizations from APT. While APT activities are stealthy and hard to detect, the command and control network traffic associated with APT can be detected at the network layer level with sophisticated methods. Deep log analyses and log correlation from various sources is of limited usefulness in detecting APT activities. It is challenging to separate noises from legitimate traffic. Traditional security technology and methods have been ineffective in detecting or mitigating APTs. [35] Active cyber defense has yielded greater efficacy in detecting and prosecuting APTs (find, fix, finish) when applying cyber threat intelligence to hunt and adversary pursuit activities. [36] [37] Human-Introduced Cyber Vulnerabilities (HICV) are a weak cyber link that are neither well understood nor mitigated, constituting a significant attack vector. [38]

APT groups

China

Iran

North Korea

Russia

Turkey

United States

Uzbekistan

Vietnam

Naming

Multiple organizations may assign different names to the same actor. As separate researchers could each have their own varying assessments of an APT group, companies such as CrowdStrike, Kaspersky, Mandiant, and Microsoft, among others, have their own internal naming schemes. [80] Names between different organizations may refer to overlapping but ultimately different groups, based on various data gathered.

CrowdStrike assigns animals by nation-state or other category, such as "Kitten" for Iran and "Spider" for groups focused on cybercrime. [81] Other companies have named groups based on this system Rampant Kitten, for instance, was named by Check Point rather than CrowdStrike. [82]

Dragos bases its names for APT groups on minerals. [80]

Mandiant assigns numbered acronyms in three categories, APT, FIN, and UNC, resulting in APT names like FIN7. Other companies using a similar system include Proofpoint (TA) and IBM (ITG and Hive). [80]

Microsoft used to assign names from the periodic table, often stylized in all-caps (e.g. POTASSIUM); in April 2023, Microsoft changed its naming schema to use weather-based names (e.g. Volt Typhoon). [83]

See also

Notes

  1. active since 2013, unlike most APTs, Gamaredon broadly targets all users all over the globe (in addition to also focusing on certain victims, especially Ukrainian organizations [72] ) and appears to provide services for other APTs. [73] For example, the InvisiMole threat group has attacked select systems that Gamaredon had earlier compromised and fingerprinted. [72]

Related Research Articles

A supply chain attack is a cyber-attack that seeks to damage an organization by targeting less secure elements in the supply chain. A supply chain attack can occur in any industry, from the financial sector, oil industry, to a government sector. A supply chain attack can happen in software or hardware. Cybercriminals typically tamper with the manufacturing or distribution of a product by installing malware or hardware-based spying components. Symantec's 2019 Internet Security Threat Report states that supply chain attacks increased by 78 percent in 2018.

Trellix is a privately held cybersecurity company that was founded in 2022. It has been involved in the detection and prevention of major cybersecurity attacks. It provides hardware, software, and services to investigate cybersecurity attacks, protect against malicious software, and analyze IT security risks.

Cyberwarfare by China is the aggregate of cyberattacks attributed to the organs of the People's Republic of China and various related advanced persistent threat (APT) groups.

<span class="mw-page-title-main">PLA Unit 61398</span> Chinese advanced persistent threat unit

PLA Unit 61398 is the Military Unit Cover Designator (MUCD) of a People's Liberation Army advanced persistent threat unit that has been alleged to be a source of Chinese computer hacking attacks. The unit is stationed in Pudong, Shanghai, and has been cited by US intelligence agencies since 2002.

Cyberwarfare is a part of the Iranian government's "soft war" military strategy. Being both a victim and wager of cyberwarfare, Iran is considered an emerging military power in the field. Since November 2010, an organization called "The Cyber Defense Command" has been operating in Iran under the supervision of the country's "Passive Civil Defense Organization" which is itself a subdivision of the Joint Staff of Iranian Armed Forces.

Cozy Bear is a Russian advanced persistent threat hacker group believed to be associated with Russian foreign intelligence by United States intelligence agencies and those of allied countries. Dutch signals intelligence (AIVD) and American intelligence had been monitoring the group since 2014 and was able to link the hacker group to the Russian foreign intelligence agency (SVR) after compromising security cameras in their office. CrowdStrike and Estonian intelligence reported a tentative link to the Russian domestic/foreign intelligence agency (FSB). Various groups designate it CozyCar, CozyDuke, Dark Halo, The Dukes, Midnight Blizzard, NOBELIUM, Office Monkeys, StellarParticle, UNC2452 with a tentative connection to Russian hacker group YTTRIUM. Symantec reported that Cozy Bear had been compromising diplomatic organizations and national governments since at least 2010. Der Spiegel published documents in 2023 purporting to link Russian IT firm NTC Vulkan to Cozy Bear operations.

Fancy Bear is a Russian cyber espionage group. Cybersecurity firm CrowdStrike has said with a medium level of confidence that it is associated with the Russian military intelligence agency GRU. The UK's Foreign and Commonwealth Office as well as security firms SecureWorks, ThreatConnect, and Mandiant, have also said the group is sponsored by the Russian government. In 2018, an indictment by the United States Special Counsel identified Fancy Bear as GRU Unit 26165. This refers to its unified Military Unit Number of the Russian army regiments. The headquarters of Fancy Bear and the entire military unit, which reportedly specializes in state-sponsored cyberattacks and decryption of hacked data, were targeted by Ukrainian drones on July 24, 2023, the rooftop on an adjacent building collapsed as a result of the explosion.

The Lazarus Group is a hacker group made up of an unknown number of individuals, alleged to be run by the government of North Korea. While not much is known about the Lazarus Group, researchers have attributed many cyberattacks to them since 2010. Originally a criminal group, the group has now been designated as an advanced persistent threat due to intended nature, threat, and wide array of methods used when conducting an operation. Names given by cybersecurity organizations include Hidden Cobra and ZINC or Diamond Sleet. According to North Korean defector Kim Kuk-song, the unit is internally known in North Korea as 414 Liaison Office.

Advanced Persistent Threat 33 (APT33) is a hacker group identified by FireEye as being supported by the government of Iran. The group has also been called Elfin Team, Refined Kitten, Magnallium, Peach Sandstorm, and Holmium.

Helix Kitten is a hacker group identified by CrowdStrike as Iranian.

China Chopper is a web shell approximately 4 kilobytes in size, first discovered in 2012. This web shell is commonly used by malicious Chinese actors, including advanced persistent threat (APT) groups, to remotely control web servers. This web shell has two parts, the client interface and the receiver host file on the compromised web server.

Red Apollo is a Chinese state-sponsored cyberespionage group which has operated since 2006. In a 2018 indictment, the United States Department of Justice attributed the group to the Tianjin State Security Bureau of the Ministry of State Security.

Charming Kitten, also called APT35, Phosphorus or Mint Sandstorm, Ajax Security, and NewsBeef, is an Iranian government cyberwarfare group, described by several companies and government officials as an advanced persistent threat.

Double Dragon is a hacking organization with alleged ties to the Chinese Ministry of State Security (MSS). Classified as an advanced persistent threat, the organization was named by the United States Department of Justice in September 2020 in relation to charges brought against five Chinese and two Malaysian nationals for allegedly compromising more than 100 companies around the world.

<span class="mw-page-title-main">Sandworm (hacker group)</span> Russian hacker group

Sandworm is an advanced persistent threat operated by Military Unit 74455, a cyberwarfare unit of the GRU, Russia's military intelligence service. Other names for the group, given by cybersecurity researchers, include APT44, Telebots, Voodoo Bear, IRIDIUM, Seashell Blizzard, and Iron Viking.

Hafnium is a cyber espionage group, sometimes known as an advanced persistent threat, with alleged ties to the Chinese government. Hafnium is closely connected to APT40.

Pipedream is a software framework for malicious code targeting programmable logic controllers (PLCs) and industrial control systems (ICS). First publicly disclosed in 2022, it has been described as a "Swiss Army knife" for hacking. It is believed to have been developed by state-level Advanced Persistent Threat actors.

Gamaredon, also known as Primitive Bear, UNC530, ACTINIUM, or Aqua Blizzard is a Russian advanced persistent threat that has been active since at least 2013.

Volt Typhoon is an advanced persistent threat engaged in cyberespionage reportedly on behalf of the People's Republic of China. Active since at least mid-2021, the group is known to primarily target United States manufacturing, utility, transportation, construction, maritime, defense, information technology, and education sectors. Volt Typhoon focuses on espionage, data theft, and credential access.

<span class="mw-page-title-main">Hubei State Security Department</span> Regional branch of Chinas Ministry of State Security

The Hubei State Security Department is the regional branch of the Chinese Ministry of State Security (MSS) responsible for national security and secret policing in Hubei province of central China. Founded in 1993, it is headquartered in the provincial capital of Wuhan, with subordinate offices in cities and towns across the province.

References

  1. "What Is an Advanced Persistent Threat (APT)?". www.kaspersky.com. Archived from the original on 22 March 2021. Retrieved 11 August 2019.
  2. "What Is an Advanced Persistent Threat (APT)?". Cisco. Archived from the original on 22 March 2021. Retrieved 11 August 2019.
  3. 1 2 3 Maloney, Sarah. "What is an Advanced Persistent Threat (APT)?". Archived from the original on 7 April 2019. Retrieved 9 November 2018.
  4. Cole., Eric (2013). Advanced Persistent Threat: Understanding the Danger and How to Protect Your Organization. Syngress. OCLC   939843912.
  5. 1 2 "M-Trends Cyber Security Trends". FireEye. Archived from the original on 21 September 2021. Retrieved 11 August 2019.
  6. "Cyber Threats to the Financial Services and Insurance Industries" (PDF). FireEye. Archived from the original (PDF) on 11 August 2019.
  7. "Cyber Threats to the Retail and Consumer Goods Industry" (PDF). FireEye. Archived from the original (PDF) on 11 August 2019.
  8. "Advanced Persistent Threats: A Symantec Perspective" (PDF). Symantec. Archived from the original (PDF) on 8 May 2018.
  9. Au, Man Ho (2018). "Privacy-preserving personal data operation on mobile cloud—Chances and challenges over advanced persistent threat". Future Generation Computer Systems. 79: 337–349. doi:10.1016/j.future.2017.06.021.
  10. 1 2 3 "Advanced Persistent Threats (APTs)". IT Governance. Archived from the original on 11 August 2019. Retrieved 11 August 2019.
  11. "Advanced persistent Threat Awareness" (PDF). TrendMicro Inc. Archived (PDF) from the original on 10 June 2016. Retrieved 11 August 2019.
  12. "Explained: Advanced Persistent Threat (APT)". Malwarebytes Labs. 26 July 2016. Archived from the original on 9 May 2019. Retrieved 11 August 2019.
  13. "Assessing Outbound Traffic to Uncover Advanced Persistent Threat" (PDF). SANS Technology Institute. Archived from the original (PDF) on 26 June 2013. Retrieved 14 April 2013.
  14. "Introducing Forrester's Cyber Threat Intelligence Research". Forrester Research. Archived from the original on 15 April 2014. Retrieved 14 April 2014.
  15. Beim, Jared (2018). "Enforcing a Prohibition on International Espionage" . Chicago Journal of International Law. 18: 647–672. ProQuest   2012381493. Archived from the original on 22 May 2021. Retrieved 18 January 2023.
  16. "Advanced Persistent Threats: Learn the ABCs of APTs - Part A". SecureWorks. Archived from the original on 7 April 2019. Retrieved 23 January 2017.
  17. Olavsrud, Thor (30 April 2012). "Targeted Attacks Increased, Became More Diverse in 2011". CIO Magazine . Archived from the original on 14 April 2021. Retrieved 14 April 2021.
  18. "An Evolving Crisis". BusinessWeek. 10 April 2008. Archived from the original on 10 January 2010. Retrieved 20 January 2010.
  19. "The New E-spionage Threat". BusinessWeek. 10 April 2008. Archived from the original on 18 April 2011. Retrieved 19 March 2011.
  20. Rosenbach, Marcel; Schulz, Thomas; Wagner, Wieland (19 January 2010). "Google Under Attack: The High Cost of Doing Business in China". Der Spiegel. Archived from the original on 21 January 2010. Retrieved 20 January 2010.
  21. "Commander Discusses a Decade of DOD Cyber Power". U.S. DEPARTMENT OF DEFENSE. Archived from the original on 19 September 2020. Retrieved 28 August 2020.
  22. "Under Cyberthreat: Defense Contractors". Bloomberg.com. BusinessWeek. 6 July 2009. Archived from the original on 11 January 2010. Retrieved 20 January 2010.
  23. "Understanding the Advanced Persistent Threat". Tom Parker. 4 February 2010. Archived from the original on 18 February 2010. Retrieved 4 February 2010.
  24. "Advanced Persistent Threat (or Informationized Force Operations)" (PDF). Usenix, Michael K. Daly. 4 November 2009. Archived (PDF) from the original on 11 May 2021. Retrieved 4 November 2009.
  25. "Anatomy of an Advanced Persistent Threat (APT)". Dell SecureWorks. Archived from the original on 5 March 2016. Retrieved 21 May 2012.
  26. Ingerman, Bret; Yang, Catherine (31 May 2011). "Top-Ten IT Issues, 2011". Educause Review. Archived from the original on 14 April 2021. Retrieved 14 April 2021.
  27. Gonzalez, Joaquin Jay III; Kemp, Roger L. (16 January 2019). Cybersecurity: Current Writings on Threats and Protection. McFarland. p. 69. ISBN   978-1-4766-7440-7.
  28. McMahon, Dave; Rohozinski, Rafal. "The Dark Space Project: Defence R&D Canada – Centre for Security Science Contractor Report DRDC CSS CR 2013-007" (PDF). publications.gc.ca. Archived (PDF) from the original on 5 November 2016. Retrieved 1 April 2021.
  29. "Outmaneuvering Advanced and Evasive Malware Threats". Secureworks. Secureworks Insights. Archived from the original on 7 April 2019. Retrieved 24 February 2016.
  30. 1 2 "APT1: Exposing One of China's Cyber Espionage Units". Mandiant. 2013. Archived from the original on 2 February 2015. Retrieved 19 February 2013.
  31. "What are MITRE ATT&CK initial access techniques". GitGuardian - Automated Secrets Detection. 8 June 2021. Archived from the original on 29 November 2023. Retrieved 13 October 2023.
  32. Blanchard, Ben (19 February 2013). "China says U.S. hacking accusations lack technical proof". Reuters. Archived from the original on 14 April 2021. Retrieved 14 April 2021.
  33. Deibert, R.; Rohozinski, R.; Manchanda, A.; Villeneuve, N.; Walton, G (28 March 2009). "Tracking GhostNet: investigating a cyber espionage network". The Munk Centre for International Studies, University of Toronto. Archived from the original on 27 December 2023. Retrieved 27 December 2023.
  34. RicMessier (30 October 2013). GSEC GIAC Security Essentials Certification All. McGraw Hill Professional, 2013. p. xxv. ISBN   978-0-07-182091-2.
  35. "Anatomy of an APT (Advanced Persistent Threat) Attack". FireEye. Archived from the original on 7 November 2020. Retrieved 14 November 2020.
  36. "Threat Intelligence in an Active Cyber Defense (Part 1)". Recorded Future. 18 February 2015. Archived from the original on 20 June 2021. Retrieved 10 March 2021.
  37. "Threat Intelligence in an Active Cyber Defense (Part 2)". Recorded Future. 24 February 2015. Archived from the original on 27 February 2021. Retrieved 10 March 2021.
  38. "A Context-Centred Research Approach to Phishing and Operational Technology in Industrial Control Systems | Journal of Information Warfare". www.jinfowar.com. Archived from the original on 31 July 2021. Retrieved 31 July 2021.
  39. "Buckeye: Espionage Outfit Used Equation Group Tools Prior to Shadow Brokers Leak". Symantec. 7 May 2019. Archived from the original on 7 May 2019. Retrieved 23 July 2019.
  40. "APT17: Hiding in Plain Sight - FireEye and Microsoft Expose Obfuscation Tactic" (PDF). FireEye . May 2015. Archived (PDF) from the original on 24 November 2023. Retrieved 21 January 2024.
  41. "China-Based Threat Actors" (PDF). U.S. Department of Health and Human Services Office of Information Security. 16 August 2023. Archived (PDF) from the original on 29 December 2023. Retrieved 29 April 2024.
  42. van Dantzig, Maarten; Schamper, Erik (19 December 2019). "Wocao APT20" (PDF). fox-it.com. NCC Group. Archived from the original (PDF) on 22 March 2021. Retrieved 23 December 2019.
  43. Vijayan, Jai (19 December 2019). "China-Based Cyber Espionage Group Targeting Orgs in 10 Countries". www.darkreading.com. Dark Reading. Archived from the original on 7 May 2021. Retrieved 12 January 2020.
  44. Barth, Bradley (16 March 2016). "'Suckfly' in the ointment: Chinese APT group steals code-signing certificates". SC Media. Archived from the original on 24 September 2024. Retrieved 24 September 2024.
  45. "Building China's Comac C919 airplane involved a lot of hacking, report says". ZDNET. Archived from the original on 15 November 2019. Retrieved 24 September 2024.
  46. Lyngaas, Sean (10 August 2021). "Chinese hackers posed as Iranians to breach Israeli targets, FireEye says". www.cyberscoop.com. Archived from the original on 29 November 2023. Retrieved 15 August 2021.
  47. Lyngaas, Sean (12 February 2019). "Right country, wrong group? Researchers say it wasn't APT10 that hacked Norwegian software firm". www.cyberscoop.com. Cyberscoop. Archived from the original on 7 May 2021. Retrieved 16 October 2020.
  48. Lyngaas, Sean (16 October 2020). "Google offers details on Chinese hacking group that targeted Biden campaign". Cyberscoop. Archived from the original on 7 May 2021. Retrieved 16 October 2020.
  49. "How Microsoft names threat actors". Microsoft. 16 January 2024. Archived from the original on 10 July 2024. Retrieved 21 January 2024.
  50. "Treasury Sanctions China-Linked Hackers for Targeting U.S. Critical Infrastructure". U.S. Department of the Treasury . 19 March 2024. Archived from the original on 25 March 2024. Retrieved 25 March 2024.
  51. "Double Dragon APT41, a dual espionage and cyber crime operation". FireEye . 16 October 2019. Archived from the original on 7 May 2021. Retrieved 14 April 2020.
  52. "Bureau names ransomware culprits". Taipei Times . 17 May 2020. Archived from the original on 22 March 2021. Retrieved 22 May 2020.
  53. Greenberg, Andy (6 August 2020). "Chinese Hackers Have Pillaged Taiwan's Semiconductor Industry". Wired . ISSN   1059-1028. Archived from the original on 22 March 2021. Retrieved 14 July 2024.
  54. Sabin, Sam (26 October 2022). "New pro-China disinformation campaign targets 2022 elections: Report". Axios . Archived from the original on 26 October 2022. Retrieved 27 October 2022.
  55. Milmo, Dan (5 April 2024). "China will use AI to disrupt elections in the US, South Korea and India, Microsoft warns". The Guardian . ISSN   0261-3077. Archived from the original on 25 May 2024. Retrieved 7 April 2024.
  56. Naraine, Ryan (2 March 2021). "Microsoft: Multiple Exchange Server Zero-Days Under Attack by Chinese Hacking Group". securityweek.com. Wired Business Media. Archived from the original on 6 July 2023. Retrieved 3 March 2021.
  57. Burt, Tom (2 March 2021). "New nation-state cyberattacks". blogs.microsoft.com. Microsoft. Archived from the original on 2 March 2021. Retrieved 3 March 2021.
  58. Nichols, Shaun (20 October 2021). "'LightBasin' hackers spent 5 years hiding on telco networks". TechTarget . Archived from the original on 29 November 2023. Retrieved 8 April 2022.
  59. Ilascu, Ionut (19 October 2021). "LightBasin hacking group breaches 13 global telecoms in two years". Bleeping Computer . Archived from the original on 24 July 2023. Retrieved 8 April 2022.
  60. Cimpanu, Catalin. "Hackers target the air-gapped networks of the Taiwanese and Philippine military". ZDnet . Archived from the original on 22 March 2021. Retrieved 16 May 2020.
  61. Intelligence, Microsoft Threat (24 May 2023). "Volt Typhoon targets US critical infrastructure with living-off-the-land techniques". Microsoft Security Blog. Archived from the original on 17 January 2024. Retrieved 26 May 2023.
  62. Tucker, Eric (18 September 2024). "FBI disrupts Chinese cyber operation targeting critical infrastructure in the US". Associated Press . Archived from the original on 24 September 2024. Retrieved 18 September 2024.
  63. 1 2 "Disrupting malicious uses of AI by state-affiliated threat actors". 14 February 2024. Archived from the original on 16 February 2024. Retrieved 16 February 2024.
  64. 1 2 "Staying ahead of threat actors in the age of AI". Microsoft . 14 February 2024. Archived from the original on 16 February 2024. Retrieved 16 February 2024.
  65. Krouse, Sarah; McMillan, Robert; Volz, Dustin (25 September 2024). "China-Linked Hackers Breach U.S. Internet Providers in New 'Salt Typhoon' Cyberattack" . The Wall Street Journal . Retrieved 25 September 2024.
  66. Krouse, Sarah; Volz, Dustin; Viswanatha, Aruna; McMillan, Robert (5 October 2024). "U.S. Wiretap Systems Targeted in China-Linked Hack" . The Wall Street Journal . Archived from the original on 5 October 2024. Retrieved 5 October 2024.
  67. Sabin, Sam (19 November 2024). "New China-linked telco attackers". Axios . Retrieved 19 November 2024.
  68. Montalbano, Elizabeth (1 September 2020). "Pioneer Kitten APT Sells Corporate Network Access". Threat Post. Archived from the original on 22 March 2021. Retrieved 3 September 2020.
  69. "APT39, ITG07, Chafer, Remix Kitten, Group G0087 | MITRE ATT&CK®". attack.mitre.org. Archived from the original on 30 December 2022. Retrieved 30 December 2022.
  70. "Crowdstrike Global Threat Report 2020" (PDF). crowdstrike.com. 2020. Archived (PDF) from the original on 14 March 2020. Retrieved 30 December 2020.
  71. Kyle Alspach (4 February 2022). "Microsoft discloses new details on Russian hacker group Gamaredon". VentureBeat . Archived from the original on 6 February 2022. Retrieved 22 March 2022.
  72. 1 2 Charlie Osborne (21 March 2022). "Ukraine warns of InvisiMole attacks tied to state-sponsored Russian hackers". ZDNet . Archived from the original on 22 March 2022. Retrieved 22 March 2022.
  73. Warren Mercer; Vitor Ventura (23 February 2021). "Gamaredon - When nation states don't pay all the bills". Cisco. Archived from the original on 19 March 2022. Retrieved 22 March 2022.
  74. "Adversary: Venomous Bear - Threat Actor". Crowdstrike Adversary Universe. Retrieved 22 March 2022.
  75. Warren Mercer; Paul Rascagneres; Vitor Ventura (29 June 2020). "PROMETHIUM extends global reach with StrongPity3 APT". Cisco. Archived from the original on 22 March 2022. Retrieved 22 March 2022.
  76. "Equation: The Death Star of Malware Galaxy". Kaspersky Lab. 16 February 2015. Archived from the original on 11 July 2019. Retrieved 23 July 2019.
  77. Gallagher, Sean (3 October 2019). "Kaspersky finds Uzbekistan hacking op… because group used Kaspersky AV". arstechnica.com. Ars Technica. Archived from the original on 22 March 2021. Retrieved 5 October 2019.
  78. Panda, Ankit. "Offensive Cyber Capabilities and Public Health Intelligence: Vietnam, APT32, and COVID-19". thediplomat.com. The Diplomat. Archived from the original on 22 March 2021. Retrieved 29 April 2020.
  79. Tanriverdi, Hakan; Zierer, Max; Wetter, Ann-Kathrin; Biermann, Kai; Nguyen, Thi Do (8 October 2020). Nierle, Verena; Schöffel, Robert; Wreschniok, Lisa (eds.). "Lined up in the sights of Vietnamese hackers". Bayerischer Rundfunk. Archived from the original on 22 March 2021. Retrieved 11 October 2020. In Bui's case the traces lead to a group presumably acting on behalf of the Vietnamese state. Experts have many names for this group: APT 32 and Ocean Lotus are best known. In conversations with a dozen of information security specialists, they all agreed that this is a Vietnamese group spying, in particular, on its own compatriots.
  80. 1 2 3 BushidoToken (20 May 2022). "Threat Group Naming Schemes In Cyber Threat Intelligence". Curated Intelligence. Archived from the original on 8 December 2023. Retrieved 21 January 2024.
  81. "CrowdStrike 2023 Global Threat Report" (PDF). CrowdStrike. Archived (PDF) from the original on 26 March 2024. Retrieved 21 January 2024.
  82. "Rampant Kitten". Thailand Electronic Transactions Development Agency. Archived from the original on 29 November 2022. Retrieved 21 January 2024.
  83. Lambert, John (18 April 2023). "Microsoft shifts to a new threat actor naming taxonomy". Microsoft. Archived from the original on 22 January 2024. Retrieved 21 January 2024.
Lists of APT groups
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.