The term APT stands for Advanced Persistent Threat and is often used by cyber security companies to describe nation-state actors or advanced cyber criminals. The term was first coined by Mandiant (now part of FireEye) in 2013 to describe cyber espionage campaigns conducted by the Chinese military. For this discussion posting, you are to research and present on the following:
1) Identify and analyze an APT group of your choosing. As part of this, identify the name of the group, the alleged actor behind the campaign, who/what organizations were being targeted by the APT group, how long the campaign took place, what information the group was attempting to steal, and the tools, techniques, and procedures the group used as part of the espionage campaign. If you pick an APT group already covered by another student, I will subtract 25% for each posting I see on that APT group.
2) How could you envision using this information to help you in a cyber security role in the future?
3) How has the US Government responded to APT attacks and the groups/actors involved in the past two years? Please make sure to provide proper citations.
Please write a 150-word response for this discussion board.
The APT I went for was APT41, which is suspected to be from China. The group targets healthcare, telecoms, and the high-tech sector. They are also mainly active in the video game industry, with manipulation of virtual currencies, which is very big in a lot of video games today. They seem to have been active since 2012 and have targeted at least 14 countries; they have stolen intellectual property, can also track certain people, and conduct surveillance. For their tools, they have been shown to use 46 different code families, and the types of malware they have been known to use are backdoors, keyloggers, and rootkits. In one campaign that they ran, they deployed 150 pieces of malware. The main goal of this group is financial; they rely on spear-phishing emails, sophisticated TTPs, and various other malware.
I could use this information by seeing how a group like this thinks and knowing what to look for if something like this were to happen. This can be useful to anyone, because if their establishment gets targeted by a group like this, they are aware of what must be done and will take the right course of action. It will be a lot easier to narrow down some of the groups and determine who may have breached a system once you learn who specializes in that particular hacking tool. Having knowledge of most of these groups will help develop a good and secure system.
Back in 2018, the US Government approved a bill that lists the advanced APT groups and is available to the public. This bill is aimed at assisting with strategies that can be used to respond to any type of threat that these APT groups may use. The bill also lists how it would make policy changes, create new controls, and increase costs for putting in the proper protection for systems.
“Advanced Persistent Threat Groups (APT Groups).” FireEye, www.fireeye.com/current-threats/apt-groups.html.
Bing, Chris. “Lawmakers Want White House to Develop a Running List of Nation-State Hacking Groups.” CyberScoop, 29 June 2018, www.cyberscoop.com/cyber-deterrance-bill-nation-state-hacking-apt-names-ted-yoho/.