2019 | OriginalPaper | Chapter

Analysis and Triage of Advanced Hacking Groups Targeting Western Countries Critical National Infrastructure: APT28, RED October, and Regin

Authors : Henry Mwiki, Tooska Dargahi, Ali Dehghantanha, Kim-Kwang Raymond Choo

Published in: Critical Infrastructure Security and Resilience

Publisher: Springer International Publishing

Abstract

Many organizations still rely on traditional methods to protect themselves against various cyber threats. This is effective against traditional threats, but less so against Advanced Persistent Threat (APT) actors. APT attacks are carried out by highly skilled (possibly state-sponsored) cyber criminal groups who have potentially unlimited time and resources.
This paper analyzes three specific APT groups targeting the critical national infrastructure of western countries, namely APT28, Red October, and Regin. The Cyber Kill Chain (CKC) was used as the reference model to analyze these APT groups' activities. We create a Defense Triage Process (DTP), a novel combination of the Diamond Model of Intrusion Analysis, the CKC, and the 7D Model, to triage the attack vectors and potential targets of these three APT groups.
A comparative summary of these APT groups is presented, based on their attack impact and the technical mechanisms they deploy. This paper also highlights the types of organization and vulnerabilities that are attractive to these APT groups and proposes mitigation actions.

Metadata
Title
Analysis and Triage of Advanced Hacking Groups Targeting Western Countries Critical National Infrastructure: APT28, RED October, and Regin
Authors
Henry Mwiki
Tooska Dargahi
Ali Dehghantanha
Kim-Kwang Raymond Choo
Copyright Year
2019
DOI
https://doi.org/10.1007/978-3-030-00024-0_12