engleski

Survey of Advanced Persistent Threats actors

With developments in IT landscape and worldwide increase in reliance on digital storage media, we are witnesses to a growing threat of largescale cyberattacks on organizations and massive data breaches. Almost all relevant companies are completely reliant on computer infrastructure, they store their data, patents, financial records and ect. digitally and often without proper security measures. This trend has been recognised and exploited in a negative way. In globalised world this is easier to achieve than ever because on internet borders do not exist as such, and for adversary it is easy to hide beyond reach of justice. Potential adversary can target individuals or organisations even from different continent. We can read daily reports of hacking and data thefts, even in case of most reputable companies. Some of these attacks are performed by cyber criminals, but many of these attacks are performed by highly sophisticated and well-resourced adversaries – hacking groups, conducting long-term targeted attack operations known by common name of Advanced Persistent Threats (APT). APT groups are known to be very adaptive, to reuse and improve their tactics, techniques, procedures and tools in regard of their current target. Unlike cyber criminals whose operations need to be profitable to sustain themselves, APT groups are state sponsored, meaning they can perform long term operation even if faced with unknown outcome. In most cases APT groups will continue to attack their targets until target is compromised. Primary goal of most APT groups is data theft for purpose of nation and corporate espionage. However, it is important to emphasize that APT groups are not limited to data theft, there are even recorded cases of implanting malicious program code in industrial facilities which caused destruction of entire facilities, demonstrating weaponization of cyberspace with physical consequences. One common characteristic of almost APT groups is that they perform operation in such way that most of their victims aren’t even aware of attack itself. In most cases APT groups compromise some organisation, steal data and leave, leaving minimum evidences of data theft making attribution of attacks difficult. Most of APT attacks are detected only after compromise and but not by victim by itself, usually by third parties. In past, almost all major world corporations have been victims to successful APT attack. Commonly, APT attack starts by targeting individual in organisation which is then a victim to an advanced social engineering attack and used as a steppingstone to organisation. Although they are one of greatest threat in today’s globalised cyberspace, there is limited data about groups themselves. Most data regarding APT groups is fragmented across vast number of unstandardized industry and online reports revealing only parts of whole picture. There is limited number of academic articles regarding this topic, although knowledge about these groups’ existence is known for over 15 years. This paper aims to introduce APT groups, examine and present structure of publicly available data regarding APT groups with goal of explaining reasons behind lack of academic knowledge regarding this topic. For purpose of understanding scale of this phenomena, an overview of known groups with basic characteristics through whole world regions will be given.

APT Groups, Cyberspace threats

nije evidentirano