Mwiki, H, Dargahi, T ORCID: https://orcid.org/0000-0002-0908-6483, Dehghantanha, A and Choo, KKR 2019, 'Analysis and triage of advanced hacking groups targeting western countries critical national infrastructure : APT28, RED October, and Regin', in: Critical Infrastructure Security and Resilience : Theories, Methods, Tools and Technologies, Advanced Sciences and Technologies for Security Applications, Springer, pp. 221-244.
Abstract
Many organizations still rely on traditional methods to protect themselves against various cyber threats. This is effective when they deal with traditional threats, but it is less effective when it comes to Advanced Persistent Threat (APT) actors. APT attacks are carried out by highly skilled (possibly state-sponsored) cyber criminal groups who have potentially unlimited time and resources.
This paper analyzes three specific APT groups targeting the critical national infrastructure of western countries, namely: APT28, Red October, and Regin. Cyber Kill Chain (CKC) was used as the reference model to analyze these APT groups' activities. We create a Defense Triage Process (DTP) as a novel combination of the Diamond Model of Intrusion Analysis, CKC, and 7D Model, to triage the attack vectors and potential targets for these three APT groups.
A comparative summary of these APT groups is presented, based on their attack impact and deployed technical mechanism. This paper also highlights the types of organizations and vulnerabilities that are attractive to these APT groups and proposes mitigation actions.
Item Type: | Book Section |
---|---|
Editors: | Gritzalis, D, Theocharidou, M and Stergiopoulos, G |
Schools: | Schools > School of Computing, Science and Engineering |
Journal or Publication Title: | Critical Infrastructure Security and Resilience |
Publisher: | Springer |
Series Name: | Advanced Sciences and Technologies for Security Applications |
ISBN: | 9783030000233; 9783030000240 |
ISSN: | 1613-5113 |
Depositing User: | T Dargahi |
Date Deposited: | 20 May 2019 13:41 |
Last Modified: | 27 Aug 2021 21:24 |
URI: | https://usir.salford.ac.uk/id/eprint/51377 |