Provisioning the external infrastructure for Cyberspace Operations. A spotlight on Russian APT groups-Reference-Cited by-同舟云学术

Provisioning the external infrastructure for Cyberspace Operations. A spotlight on Russian APT groups

Published:2024-06-30 Issue:2 Volume:13 Page:1-32
ISSN:2147-0030
Container-title:International Journal of Information Security Science
language:
Short-container-title:

Author:

Villalon-huerta Antonio¹^ORCID,Ripoll-ripoll Ismael²^ORCID,Marco-gisbert Hector²^ORCID

Affiliation:

1. S2 Grupo

2. Universidad Politecnica de Valencia

Abstract

Advanced threat actors conduncting operations in cyberspace require the utilization of external infrastructure. This referes to elements of infrastructure available on the Internet, situated outside the target’s own premises. The analysis of this infrastructure and the techniques employed to bring it to full operational capacity constitute a pivotal factor in characterizing threat actors and their operations. However, the majority of the existing scientific and technical literature found focuses on internal infrastructure elements, particularly on malware implants, as well as on the tactics and techniques employed by the threat actor within their victim’s infrastructure. In this work a comprehensive analysis of this external infrastructure and its provisioning techniques is presented. While our research has primarily concentrated on Russian APT groups and their operations, our findings are equally applicable to all advanced groups and operations. The outcomes of our study can greatly assist analysts in characterizing these groups and their operations, especially with regards to attribution efforts. Our proposal follows a logical structure that can be easy to expand and adapt, and it can be used to improve commonly accepted industry standards such as MITRE ATT&CK.

Publisher

Seref Sagiroglu

Reference169 articles.

1. [1] R. Ross et al., SP 800-39. Managing information security risk: Organization, mission, and information system view. National Institute of Standards & Technology, 2011.

2. [2] P. Chen, L. Desmet, and C. Huygens, “A study on advanced persistent threats,” in Communications and Multimedia Security: 15th IFIP TC 6/TC 11 International Conference, CMS 2014, Aveiro, Portugal, September 25-26, 2014. Proceedings 15. Springer, 2014, pp. 63–72.

3. [3] J. Carr, Inside cyber warfare: Mapping the cyber underworld. O’Reilly Media, Inc., 2012.

4. [4] K. Giles, “Information Troops. a russian cyber command?” in 2011 3rd International Conference on Cyber Conflict. IEEE, 2011, pp. 1–16.

5. [5] M. Connell and S. Vogler, “Russia’s approach to cyber warfare,” [Online]. Available: https://www.cna.org/archive/ CNA Files/pdf/dop-2016-u-014231-1rev.pdf, Center for Naval Analyses, Tech. Rep., September 2016.