– Operators have specific objectives, rather than opportunistically seeking information for financial or other gain. This distinction implies that the attackers are guided by external entities. The targeting is conducted through continuous monitoring and interaction in order to achieve the defined objectives. It does not mean a barrage of constant attacks and malware updates. In fact, a "low-and-slow" approach is usually more successful. If the operator loses access to their target they usually will reattempt access, and most often, successfully. One of the operator's goals is to maintain long-term access to the target, in contrast to threats who only need access to execute a specific task.
– APTs are a threat because they have both capability and intent. APT attacks are executed by coordinated human actions, rather than by mindless and automated pieces of code. The operators have a specific objective and are skilled, motivated, organized and well funded. Actors are not limited to state sponsored groups.
– Operators behind the threat have a full spectrum of intelligence-gathering techniques at their disposal. These may include commercial and open source computer intrusion technologies and techniques, but may also extend to include the intelligence apparatus of a state. While individual components of the attack may not be considered particularly "advanced" (e.g.
components generated from commonly available do-it-yourself malware construction kits, or the use of easily procured exploit materials), their operators can typically access and develop more advanced tools as required. They often combine multiple targeting methods, tools, and techniques in order to
In Bui's case the traces lead to a group presumably acting on behalf of the
Vietnamese state. Experts have many names for this group: APT 32 and Ocean Lotus are best known. In conversations with a dozen of information security specialists, they all agreed that this is a Vietnamese group spying, in
community, and increasingly within the media, the term is almost always used in reference to a long-term pattern of sophisticated computer network exploitation aimed at governments, companies, and political activists, and by extension, also to ascribe the A, P and T attributes to the groups behind
network traffic associated with APT can be detected at the network layer level with sophisticated methods. Deep log analyses and log correlation from various sources is of limited usefulness in detecting APT activities. It is challenging to separate noise from legitimate traffic. Traditional
CrowdStrike assigns animals by nation-state or other category, such as "Kitten" for Iran and "Spider" for groups focused on cybercrime. Other companies have named groups based on this system — Rampant Kitten, for instance, was named by Check Point rather than CrowdStrike.
The global landscape of APTs from all sources is sometimes referred to in the singular as "the" APT, as are references to the actor behind a specific incident or series of incidents, but the definition of APT includes both actor and method.
In incidents analysed by Mandiant, the average period over which the attackers controlled the victim's network was one year, with the longest being almost five years. The infiltrations were allegedly performed by Shanghai-based
A Bell Canada study provided deep research into the anatomy of APTs and uncovered widespread presence in
Canadian government and critical infrastructure. Attribution was established to Chinese and Russian actors.
security technology and methods have been ineffective in detecting or mitigating APTs. Active cyber defense has yielded greater efficacy in detecting and prosecuting APTs (find, fix, finish) when applying
to hunt and adversary pursuit activities. Human-Introduced Cyber
Vulnerabilities (HICV) are a weak cyber link that are neither well understood nor mitigated, constituting a significant attack vector.
organisations in 2005. This method was used throughout the early 1990s and does not in itself constitute an APT. The term "advanced persistent threat" has been cited as originating from the
reach and compromise their target and maintain access to it. Operators may also demonstrate a deliberate focus on operational security that differentiates them from "less advanced" threats.
Actors behind advanced persistent threats create a growing and changing risk to organizations' financial assets, intellectual property, and reputation by following a continuous process or
, among others, have their own internal naming schemes. Names between different organizations may refer to overlapping but ultimately different groups, based on various data gathered.
and remains undetected for an extended period. In recent times, the term may also refer to non-state-sponsored groups conducting large-scale targeted intrusions for specific goals.
There are tens of millions of malware variations, which makes it extremely challenging to protect organizations from APT. While APT activities are stealthy and hard to detect, the
Multiple organizations may assign different names to the same actor. As separate researchers could each have their own varying assessments of an APT group, companies such as
have also become a legitimate concern, since attackers are able to penetrate into cloud and mobile infrastructure to eavesdrop, steal, and tamper with data.
as 204 days. Such a long dwell-time allows attackers a significant amount of time to go through the attack cycle, propagate, and achieve their objectives.
active since 2013, unlike most APTs, Gamaredon broadly targets all users all over the globe (in addition to also focusing on certain victims, especially
In 2013, Mandiant presented results of their research on alleged
Chinese attacks using APT method between 2004 and 2013 that followed similar lifecycle:
these attacks. Advanced persistent threat (APT) as a term may be shifting focus to computer-based hacking due to the rising number of occurrences.
, is one example of an APT attack. In this case, the Iranian government might consider the Stuxnet creators to be an advanced persistent threat.
– expand control to other workstations, servers and infrastructure elements and perform data harvesting on them.
A diagram depicting the life cycle staged approach of an advanced persistent threat (APT), which repeats itself once complete.
by advanced actors with specific goals, whether to steal, spy, or disrupt. These targeted sectors include government,
to gain access to a physical location to enable network attacks. The purpose of these attacks is to install custom
– ensure continued control over access channels and credentials acquired in previous steps.
Definitions of precisely what an APT is can vary, but can be summarized by their named requirements below:
Numerous sources have alleged that some APT groups are affiliated with, or are agents of, governments of
Mandiant assigns numbered acronyms in three categories, APT, FIN, and UNC, resulting in APT names like
); in April 2023, Microsoft changed its naming schema to use weather-based names (e.g. Volt Typhoon).
reported an 81 percent increase from 2010 to 2011 of particularly advanced targeted computer attacks.
in victim's network, create net backdoors and tunnels allowing stealth access to its infrastructure.
threat group has attacked select systems that
Gamaredon had earlier compromised and fingerprinted.
The median "dwell-time", the time an APT attack goes undetected, differs widely between regions.
as a means to gather intelligence on individuals and groups of individuals of interest. The
– collect information on surrounding infrastructure, trust relationships,
. Other companies using a similar system include Proofpoint (TA) and IBM (ITG and Hive).
Previous reports from Secdev had discovered and implicated Chinese actors.
to acquire administrator privileges over victim's computer and possibly expand it to
Such threat actors' motivations are typically political or economic. Every major
organizations) and appears to provide services for other APTs. For example, the
in 2006 with
Colonel Greg Rattray cited as the individual who coined the term.
are at high risk of being targeted by advanced persistent threats, including:
MITRE ATT&CK security community tracked
Advanced Persistent Group Pages
Attempt to gain a foothold in the environment (common tactics include
is tasked with coordinating the US military's offensive and defensive
. Chinese officials have denied any involvement in these attacks.
on a website that the victim's employees will be likely to visit.
to exfiltrate sensitive information were published by UK and US
Dynamite Panda or Scandium (also known as APT18, a unit of the
– exfiltrate stolen data from victim's network.
Warnings against targeted, socially-engineered emails dropping
or state-sponsored group, which gains unauthorized access to a
Deploy additional tools that help fulfill the attack objective
Use the compromised systems as access into the target network
Set of stealthy and continuous computer hacking processes
Chinese information operations and information warfare
Cover tracks to maintain access for future initiatives
Target specific organizations for a singular objective
(also known as APT41, Winnti Group, Barium, or Axiom)
Remix Kitten (also known as APT39, ITG07, or Chafer)
Dragos bases its names for APT groups on minerals.
Zirconium (also known as APT31 and Violet Typhoon)
. Another popular infection method was planting
and many more. Some groups utilize traditional
reported the mean dwell-time for 2018 in the
Mandiant: Advanced Persistent Threat Groups
(also known as Dragonbridge or Storm 1376)
, which targeted the computer hardware of
Charcoal Typhoon (also known as CHROMIUM)
. Businesses holding a large quantity of
Microsoft used to assign names from the
– performed by use of
Salmon Typhoon (also known as SODIUM)
Chinese intelligence activity abroad
particular, on its own compatriots.
, often stylized in all-caps (e.g.
personally identifiable information
Actors in many countries have used
DeputyDog (also known as APT17)
remote administration software
SandCat, associated with the
People's Liberation Army Navy
malware (malicious software)
Wocao (also known as APT20)
United States Cyber Command
Tailored Access Operations
has recorded instances of
advanced persistent threat
(also known as APT30 and
APT26 (aka Turbine Panda)
cyber threat intelligence
People's Liberation Army
– plant
Proactive cyber defence
(Also known as UNC1945)
Internal reconnaissance
administrator accounts.
United States Air Force
according to Kaspersky
State Security Service
– use
Financial institutions
Iran's nuclear program
(also known as APT28)
(also known as APT29)
(also known as APT37)
(also known as APT38)
(also known as APT34)
(also known as APT33)
(also known as APT35)
(also known as APT40)
(also known as APT19)
(also known as APT12)
(also known as APT10)
Cyberwarfare by China
Mitigation strategies
(also known as APT3)
(also known as APT2)
(also known as APT1)
, over email, using
Lists of APT groups
Operation Shady RAT
APT22 (aka Suckfly)
command and control
Escalate privileges
History and targets
vectors, including
Establish foothold
social engineering
Initial compromise
Telecommunications
human intelligence
social engineering
financial services
Ricochet Chollima
Maintain presence
password cracking
computer security
as 177 days, and
Operation Aurora
Fileless malware
Complete mission
zero-day viruses
Higher education
sovereign states
computer network
) is a stealthy
729:(also known as
682:(also known as
655:(also known as
576:Charming Kitten
522:Periscope Group
97:APT attacks on
44:business sector
849:Spear-phishing
777:periodic table
701:Equation Group
657:Primitive Bear
593:Pioneer Kitten
550:Tropic Trooper
509:PLA Unit 78020
475:Numbered Panda
457:PLA Unit 61486
451:PLA Unit 61398
375:Move laterally
369:Windows domain
359:Windows domain
323:spear phishing
291:spear phishing
256:Transportation
99:mobile devices
72:consumer goods
60:legal services
31:, typically a
695:United States
668:Venomous Bear
612:Lazarus Group
528:Double Dragon
246:Manufacturing
181:computer worm
804:Cyber spying
631:Berserk Bear
588:Helix Kitten
565:Salt Typhoon
556:Flax Typhoon
553:Volt Typhoon
214:operations.
112:as 71 days,
88:infiltration
48:cyberattacks
29:threat actor
744:CrowdStrike
601:North Korea
534:Spamouflage
491:Codoso Team
240:Health care
229:Agriculture
190:Within the
899:InvisiMole
829:NetSpectre
824:Kill chain
794:Bureau 121
727:OceanLotus
707:Uzbekistan
688:PROMETHIUM
680:StrongPity
642:Fancy Bear
582:Elfin Team
545:LightBasin
469:Red Apollo
435:See also:
426:APT groups
396:Unit 61398
371:structure.
280:kill chain
266:Life cycle
249:Technology
204:cyberspace
144:Persistent
124:Definition
64:industrial
895:Ukrainian
874:Unit 8200
809:Darkhotel
781:POTASSIUM
756:Microsoft
748:Kaspersky
653:Gamaredon
636:Cozy Bear
76:espionage
869:Unit 180
819:Ghostnet
787:See also
752:Mandiant
684:APT-C-41
663:Sandworm
351:exploits
197:PC World
133:Advanced
110:Americas
68:telecoms
859:Stuxnet
854:Spyware
721:Vietnam
674:Türkiye
607:Kimsuky
540:Hafnium
463:Buckeye
331:malware
293:emails)
178:Stuxnet
163:trojans
137:malware
106:FireEye
52:defense
754:, and
738:Naming
625:Russia
513:Naikon
505:APT 27
443:, and
232:Energy
150:Threat
881:Notes
731:APT32
431:China
212:cyber
33:state
770:FIN7
648:FIN7
570:Iran
353:and
321:and
176:The
167:CERT
118:APAC
114:EMEA
86:and
686:or
398:of
25:APT
19:An
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.