The Advanced Persistent Threat (APT) Wiki (Overviews, Groups and Solutions)

See also: CyberWarfare Resources

APT Attacks Overview

• 334 zero-days were used in APT attacks since 2006
• What on Earth is an APT?
• RedBaldKnight/Bronze Butler APT are discovered using malware with sophisticated stego
• Zero-day in newly patched Adobe Acrobat was used in APT spotted by ESET
• APT’s-The New Age Intruders
• APT Reports and OPSEC Evolution, or: These are not the APT reports you are looking for [32c3]
• What is an Advanced Persistent Threat or APT ?
• What it means that APT actors are targeting MSPs for espionage
• APT search engine – sources are open source listed, you can contribute
• VB2015: The ethics and perils of APT research: an unexpected transition into intelligence brokerage
• VB2015: The ethics and perils of APT research: an unexpected transition into intelligence brokerage
• State Threat Actor APT is in the Detail
• An imagined day in a persistence-as-a-service APT?? team
• APT Chronicles_Vol. 11.2018 by Ian Barwise‍

APT Groups and Campaigns

• Gazer – a new second stage backdoor by Russias top hackers the Turla APT group
• ShadowThreat is more than just another APT
• Petya.A / NotPetya is an AI-powered cyber weapon, TTP lead to Sandworm APT group
• Hard questions you should maybe ask after the APT ProjectSauron aka Remsec by the Strider APT group
• Turla APT group is conducting a new espionage campaign against G20 targets
• A great read on attribution for APT3
• Flash zero-day exploit deployed by the ScarCruft APT Group
• #APT Pawn Storm APT group targets thousands Google Accounts
• Blog post on Cyber Espionage (APT) attack targeting CBI and Possibly Indian Army
• Callisto APT Group exploited Hacking Team surveillance tools to hack Government targets
• Mandiant denies Hacking Back on the APT1 group
• Citizen Lab reports links Russians APT28 to phishing campaigns and attempts to discredit opposition
• Details on the Fancy Bear/APT 28/Pawn Storm/Sofacy hack of Danish military email accounts
• APT-10 Cloud Hopper
• Dissecting One of APT29’s Fileless WMI and PowerShell Backdoors (POSHSPY)
• Kaspersky declares KSN was disabled when Equation APT & Unit 8200 Duqu 2.0 infections occurred
• Learn about the enemy – How to profile national APT hacking group
• APT32 is targeting Vietnamese manufacturering companies
• Threat group APT-C-23 still active, releases GnatSpy mobile malware
• APT group builds malware like Lego using public code
• Kaspersky Lab APT Trends report, Q1 2017 – From Lazarus APT to StoneDrill
• Advanced persistent threat (APT) groups taxonomy and operations overview
• Fancy Bear APT tracked Ukrainian artillery units with an Android implant
• Asian APT Groups Most Active in Q2
• Guccifer 2.0 – Russian APT group or not? Take 2
• #APT APT Group Uses Flash Zero-Day to Attack High-Profile Targets | SecurityWeek.Com

APT detection

• VB2015: Effectively testing APT defences
• Misunderstanding APT Indicators of Compromise
• How visibility can help combat APTs and return power to the defenders
• VB2017 talk: Modern Reconnaisance phase for APTs by Warren Mercer and Paul Rascagneres
• Only You Can Stop Forest Fires and APTs
• APT Intrusions – Unique paths of Delivery (Reference: Paul Pol’s Unified Kill Chain)
• How to Defend your network from APT’s
• General Threat Hunting Techniques To Find APT by Ali Ahangari‍

Tools

• Automated Penetration Testing Toolkit: APT2
• Microsoft security solutions against ransomware and APT

from: https://www.peerlyst.com/posts/the-advanced-persistent-threat-apt-wiki-overviews-groups-and-solutions-chiheb-chebbi