Read:
What Is APT and What Does It Want?
https://taosecurity.blogspot.com/2010/01/what-is-apt-and-what-does-it-want.html
Assignment
The goal of the Final Project is to research and write about a sophisticated computer/network intrusion set/event(s) that has occurred in the recent past; I will give you three options. The details of the intrusion set and the attack on which you should base your research are in the associated .pdf:
APT1 - Exposing One of China's Cyber Espionage Units (APT1 Report.pdf): https://intelreport.mandiant.com/Mandiant_APT1_Report.pdf
APT29 - HAMMERTOSS: Stealthy Tactics Define a Russian Cyber Threat Group (APT29 - HAMMERTOSS Report.pdf): https://www2.fireeye.com/rs/848-DID-242/images/rpt-apt29-hammertoss.pdf
sKyWIper (a.k.a. Flame a.k.a. Flamer): A complex malware for targeted attacks (Flame Report.pdf): https://www.crysys.hu/skywiper/skywiper.pdf
Your assignment is to write 4-6 pages, double-spaced, Times New Roman, 12 pt. font, 1" margins, in a document type of your choice (.doc, .pdf, etc.), detailing/answering the following:
Who is the attacker believed to be and why were they attacking the victim(s)? What were their motives? Were they trying to get information? If so, what information?
What attack vectors and mechanisms did they commonly use? Why, in your opinion, would you consider them sophisticated (i.e., not your average hack)?
What types of encryption were used by the attacker to obfuscate their actions, whether during an attack or during stealthy reconnaissance? Where did the encryption help to hide them?
List 2-3 controls from Module 4 that would have helped to prevent certain types of attacks, either in the attacker's command and control network or within the victim's network.
Conclude with your thoughts on why you chose this intrusion set/event(s). Explain why this interested you. Were the topics in the .pdf easy or difficult to understand? Please share any thoughts on the topic whether positive or negative.