🟦
LSWSec-Defensive
  • LSWSec - Defensive Security Notes
  • General
    • Tool List
  • Threat Intelligence
    • Introduction
    • Threat Actors and APTs
    • Operational Threat Intelligence
    • Tactical Threat Intelligence
    • Strategic Threat Intelligence
    • Malware and Global Campaigns
  • Phishing
    • Introduction
    • Investigating a Phishing Email
    • Analysing
    • Defensive Action
    • Reactive Measures
    • Report Writing
  • Digital Forensics
    • Introduction
    • Digital Evidence and Handling
    • Memory, Pagefile and Hibernation file
    • Digital Evidence Collection
    • Windows Investigation
    • Linux Investigations
    • Volatility
    • Autopsy
    • Windows Commands
      • Network Discovery
      • DHCP
      • DNS
  • SIEM
    • Introduction
    • Logging
    • Correlation
  • Incident Response
    • Introduction
    • Preperation
    • Detection & Analysis
    • Containment, Eradication and Recovery
    • reporting
    • MITRE Att&ck
  • Event Viewer
    • event Summary
    • Event ID: 4648
    • Event ID: 4776
    • Event ID: 4673
    • Event ID: 4625
Powered by GitBook
On this page
  • Common Threat Actors
  • Actor Motivations
  • Naming Conventions
  • What are APTs
  • TTP
  1. Threat Intelligence

Threat Actors and APTs

Common Threat Actors

What are Threats?

A threat is a danger that can be exploited in a vulnerability.

What are Threat Actors

This is an actor who generates adverse effects on an organization.

Actor Categorization

Cyber Criminals

  • Hackers or crackers who are looking to make money off malicious and illegal activity.

  • Very varied skill levels

Nation States

These are government backed hacking groups. These have a very high level of technical sophistication and resources. These can be referred to as APTs or Advanced Persistent Threats.

Hacktivists

These are individuals or groups that are socially or politically motivated and use cyber attacks to express their view or beliefs.

Insider Threat

These are people who are intentionally or unintentionally abusing their power and knowledge of an organisation. They often leak classified information.

Actor Motivations

  • Financial motives - making money for either themselves, groups or government/companies

  • Political Motives- often governments attacking enemy governments. Could also be hacktivists who don't agree with something political or want to try and get a particular candidate elected.

  • Social Motives - usually individuals who want to make a statement or gain a reputation.

  • Unknown Motives - motives of the hacker are not clear.

Naming Conventions

  • Different vendors use different naming conventions

  • Crowdstrike use animals to categorise a group or different nation states

  • Mandiant uses a code numbering system E.G. APT1, APT2…

What are APTs

  • Advanced Persistent threats

  • Most feared security concern

  • Groups of highly skilled hackers

  • Can deliver maximum long lasting damage to companies and corporations

  • APTs have a huge amount of funding and resources.

  • They focus on financial, political or military targets

  • They use advanced tools, attack frameworks, malware and exploits.

  • There attacks are often long term and nee maintained access to the network

TTP

  • Tools Techniques and procedures

  • These are actions attackers take when conducting cyber attacks.

  • Used by the blue team to track different tactics which are being utilised.

Mitre att&ck framework splits these down into 12 categories:

  • Initial Access

  • Execution

  • Persistence

  • Privilege Escalation

  • Defence Evasion

  • Credential Access

  • Discovery

  • Lateral Movement

  • Collection

  • Command and Control

  • Exfiltration

  • Impact

PreviousIntroductionNextOperational Threat Intelligence

Last updated 1 year ago