Cyber Defense Handbook
Advanced Persistent Threat
460. An Advanced Persistent Threat (APT) is an organized group of experts, normally associated with a State, that uses sophisticated knowledge, tools and TTPs (tactics, techniques and procedures) to infiltrate, take control of and persist in a network that is not its own (anonymously, stealthily and unnoticed) in order to gain access to selected information and obtain strategic advantages.
461. An APT usually operates according to a cyclical, phased process: preparation, access, persistence, execution and anonymization. In the preparation phase, potential targets are identified and the cost and expected return of the cyberattack are assessed by weighing the resources required to develop it against the benefits expected from it.

Guía de Ciberdefensa: Orientaciones para el diseño, planeamiento, implantación y desarrollo de una ciberdefensa militar (Cyber Defense Guide: guidelines for the design, planning, implementation and development of a military cyber defense)

Then, intelligence on the potential victim is gathered, including its organization, cyber defense capability, vulnerabilities, and any information that could be used as an attack vector (email addresses, websites, etc.) or to support the cyber attacks (names, positions, organization, roles, responsibilities, expected behaviors, usual activity on the network, etc.), using both passive and active cyber exploitation operations.
464. Once the target has been selected and all available intelligence is in hand, the most suitable cyber weapons, payloads and TTPs are selected from the arsenal, and the cyber attacks are designed and tested on a cyber range to verify their effectiveness and anonymization.
465. In the access phase, the APT infiltrates the target network and establishes a communication channel to the outside.
466. The infiltration exploits the vulnerabilities identified earlier (usually through spear phishing or a watering-hole attack). Once inside, malware is installed that creates a backdoor (covert remote access), typically controlled through a remote administration tool (RAT).
467. Once the backdoor is in place, a covert communication channel is established between the target network and the APT's command and control (C2) infrastructure, constituting the first point of presence.
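The covert channel of paragraphs 466 and 467 has an observable side effect: the implant must call home, and most implants do so on a timer. What follows is an added example, not part of the handbook, that flags beaconing in outbound connection logs by the regularity of the intervals between connections from one internal host to one external destination. The log format (timestamp, source, destination, bytes), all sample lines and the thresholds are constructed or assumed for the example and would be tuned per environment.

```python
"""Beacon detection over outbound connection logs (added example, not from the handbook)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log in an assumed "ISO-timestamp src dst bytes" format.
# 10.0.0.5  -> 203.0.113.7 : strict 5-minute beacon
# 10.0.0.12 -> 192.0.2.44  : 1-minute beacon with a few seconds of jitter
# 10.0.0.9  -> 198.51.100.2: irregular, human-driven traffic
SAMPLE_LOG = """\
2024-03-01T10:00:00 10.0.0.5 203.0.113.7 512
2024-03-01T10:05:01 10.0.0.5 203.0.113.7 508
2024-03-01T10:10:00 10.0.0.5 203.0.113.7 515
2024-03-01T10:14:59 10.0.0.5 203.0.113.7 510
2024-03-01T10:20:01 10.0.0.5 203.0.113.7 512
2024-03-01T10:25:00 10.0.0.5 203.0.113.7 509
2024-03-01T10:00:00 10.0.0.12 192.0.2.44 480
2024-03-01T10:01:03 10.0.0.12 192.0.2.44 483
2024-03-01T10:02:01 10.0.0.12 192.0.2.44 479
2024-03-01T10:03:06 10.0.0.12 192.0.2.44 481
2024-03-01T10:04:02 10.0.0.12 192.0.2.44 480
2024-03-01T10:05:05 10.0.0.12 192.0.2.44 482
2024-03-01T10:06:01 10.0.0.12 192.0.2.44 480
2024-03-01T10:00:13 10.0.0.9 198.51.100.2 8210
2024-03-01T10:02:47 10.0.0.9 198.51.100.2 22
2024-03-01T10:09:05 10.0.0.9 198.51.100.2 77654
2024-03-01T10:31:40 10.0.0.9 198.51.100.2 3400
2024-03-01T10:33:02 10.0.0.9 198.51.100.2 910
2024-03-01T11:15:55 10.0.0.9 198.51.100.2 120
"""


def parse_log(text):
    """Parse 'timestamp src dst bytes' lines into (datetime, src, dst, bytes) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, size = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(size)))
    return records


def interval_stats(records):
    """Per (src, dst): connection count, mean gap in seconds and the gap's
    coefficient of variation (stddev / mean). A low CV means a regular timer."""
    by_pair = defaultdict(list)
    for ts, src, dst, _ in records:
        by_pair[(src, dst)].append(ts)
    stats = {}
    for pair, times in by_pair.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if len(gaps) < 2:
            continue  # not enough data to judge regularity
        m = mean(gaps)
        stats[pair] = {
            "count": len(times),
            "mean_interval": m,
            "cv": pstdev(gaps) / m if m > 0 else float("inf"),
        }
    return stats


def beacon_candidates(records, min_connections=5, max_cv=0.15):
    """Return sorted (src, dst) pairs that connect often enough and regularly
    enough to look like a C2 beacon. Thresholds are assumptions to tune."""
    return sorted(
        pair for pair, s in interval_stats(records).items()
        if s["count"] >= min_connections and s["cv"] <= max_cv
    )


if __name__ == "__main__":
    records = parse_log(SAMPLE_LOG)
    stats = interval_stats(records)
    for pair in beacon_candidates(records):
        s = stats[pair]
        print(f"{pair[0]} -> {pair[1]}: {s['count']} connections, "
              f"mean interval {s['mean_interval']:.0f}s, CV {s['cv']:.3f}")
```

Regular callbacks also come from legitimate software (update checks, monitoring agents), so the output is a candidate list to be checked against an allow-list and enriched with destination reputation, not an alert on its own. Implants add jitter to defeat exactly this check; raising `max_cv` catches more jitter at the cost of more benign hits, which is why the second sample series carries a few seconds of jitter and is still flagged at 0.15.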
468. In the persistence phase, the first point of presence is used to conduct a detailed reconnaissance of the network from within, providing the information needed to carry out secure and stealthy lateral movements (movements within the network) in order to establish further points of presence and to escalate privileges, so as to obtain a greater and more lasting degree of control and achieve more complex objectives.
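One observable of the lateral movement described in paragraph 468 is fan-out: a single account on a single workstation authenticating to many distinct hosts within a short window, which ordinary users rarely do. The following is an added example, not the handbook's own material, that finds such fan-out in an authentication event stream with a sliding time window. The event format (timestamp, user, source host, destination host, of the kind one would extract from network logon records), the sample events, the window and the threshold are all constructed or assumed for the example.

```python
"""Lateral-movement fan-out detection (added example, not from the handbook)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in an assumed "ISO-timestamp user src_host dst_host" format.
# jdoe@WS-17 : six distinct hosts in three minutes at 02:10 (fan-out)
# alice@WS-04: a normal working day, three distinct hosts spread over hours
# bob@WS-09  : five distinct hosts, but spread over three hours (outside the window)
AUTH_LOG = """\
2024-03-02T02:10:05 jdoe WS-17 FS-01
2024-03-02T02:10:41 jdoe WS-17 FS-02
2024-03-02T02:11:12 jdoe WS-17 DC-01
2024-03-02T02:11:50 jdoe WS-17 SQL-03
2024-03-02T02:12:33 jdoe WS-17 HR-APP
2024-03-02T02:13:02 jdoe WS-17 WS-22
2024-03-02T08:30:00 alice WS-04 FS-01
2024-03-02T09:15:12 alice WS-04 MAIL-01
2024-03-02T12:02:40 alice WS-04 FS-01
2024-03-02T16:45:03 alice WS-04 PRINT-02
2024-03-02T09:00:00 bob WS-09 FS-01
2024-03-02T09:40:00 bob WS-09 FS-02
2024-03-02T10:30:00 bob WS-09 MAIL-01
2024-03-02T11:20:00 bob WS-09 SQL-03
2024-03-02T12:10:00 bob WS-09 PRINT-02
"""


def parse_auth(text):
    """Parse 'timestamp user src dst' lines into (datetime, user, src, dst) tuples."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, user, src, dst = line.split()
        events.append((datetime.fromisoformat(ts), user, src, dst))
    return events


def lateral_fanout(events, window=timedelta(minutes=10), min_targets=5):
    """Return {(user, src_host): peak distinct destinations} for every actor that
    reached at least min_targets distinct hosts inside any window-sized span."""
    by_actor = defaultdict(list)
    for ts, user, src, dst in events:
        by_actor[(user, src)].append((ts, dst))
    alerts = {}
    for actor, seq in by_actor.items():
        seq.sort()
        recent = deque()  # events inside the current sliding window
        for ts, dst in seq:
            recent.append((ts, dst))
            while recent and ts - recent[0][0] > window:
                recent.popleft()
            distinct = len({d for _, d in recent})
            if distinct >= min_targets:
                alerts[actor] = max(distinct, alerts.get(actor, 0))
    return alerts


if __name__ == "__main__":
    for (user, src), peak in lateral_fanout(parse_auth(AUTH_LOG)).items():
        print(f"{user} from {src}: {peak} distinct hosts within 10 minutes")
```

Service accounts for backup, vulnerability scanning or patch management fan out legitimately, so a per-account baseline or allow-list is needed before this becomes an alert. The window and threshold trade sensitivity for noise: an operator who moves slowly, one host per hour as `bob` does here, stays below a 10-minute window and is better caught by a longer-horizon count of new (never-before-seen) destinations per account.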

Download 2.54 Mb.

Share with your friends:
1   ...   53   54   55   56   57   58   59   60   ...   85




The database is protected by copyright ©ininet.org 2024
send message

    Main page