CYBER DEFENSE GUIDE: GUIDELINES FOR THE DESIGN, PLANNING, IMPLEMENTATION AND DEVELOPMENT OF A MILITARY CYBER DEFENSE
Then, intelligence on the potential victim is gathered, including the organization, cyber defense capability, vulnerabilities, and any information that could be used as an attack vector (emails, websites, etc.) or to support cyber attacks (names, positions, organization, roles, responsibilities, expected behaviors, usual activity on the network, etc.) using both passive and active exploitative cyber operations.
464. Once the target has been selected and with all the available intelligence, the most suitable cyber weapons, payloads and TTPs are selected from the arsenal and the cyber attacks are designed and tested in the cyber range to verify effectiveness and anonymization.
465. In the access phase, the APT infiltrates the target network and establishes an external communication channel.
466. The infiltration is carried out by taking advantage of previously detected vulnerabilities (usually through spear phishing or watering hole) and, once inside, malware is installed to create a backdoor (hidden remote access) managed by a remote administration tool (RAT).
467. Once the backdoor is created, a hidden communication channel is implemented between the target network and the APT command and control center, establishing the first point of presence.
468. In the persistence phase, the first point of presence is used to conduct a detailed reconnaissance of the network from within, providing the information needed to carry out secure and stealthy lateral movements (movements within the network) for the purpose of establishing other points of presence and escalating privileges to obtain a greater, lasting degree of control and achieve more complex objectives.