How can AI be used by attackers and defenders?
Contents
Seongsu Park, Lead security researcher @ Kaspersky, Global Research and Analysis Team
● Tracking targeted attacks focused on APAC
● Tracking Korean-speaking actors
Focus area: investigative research, reversing malware, digital forensics, threat intelligence
APT threat landscape 2022
Kaspersky’s Global Research and Analysis Team (GReAT) is well-known for the discovery and analysis of the
most advanced cyberthreats. According to our data, in 2022 the top APT targets were governments and the
most significant threat actor was Lazarus.
Top 12 targeted countries: Pakistan, India, Turkey, Ukraine, Kyrgyzstan, Russia, China, South Korea, UAE, Japan, Taiwan, Vietnam
Top 10 targets (sectors): Government, Telecommunications, Military, Media, Diplomatic, Software development, IT companies, Educational, Manufacturing, Logistics
Top 10 significant threat actors:
1. Lazarus
2. APT10
3. Kimsuky
4. ZexCone
5. Tomiris
6. Ghostwriter
7. DeathStalker
8. BitterAPT
9. SideCopy
10. Gelsemium
MITRE ATT&CK Framework
ATT&CK: Adversarial Tactics, Techniques, and Common Knowledge
MITRE ATT&CK phases
The 14 ATT&CK tactics, grouped into four phases as on the slide:
● Preparation phase: Reconnaissance, Resource development
● Implant malicious object phase: Initial infection (ATT&CK "Initial access"), Execution, Persistence, Privilege escalation, Defense evasion
● Post-exploitation phase: Credential access, Discovery, Lateral movement, Collection, Command and control
● Complete objectives phase: Exfiltration, Impact
The threat life-cycle
Actor types: Cybercrime, Hacktivism, APTs
Stages:
1. Define target
2. Find and organise accomplices
3. Build or acquire tools
4. Carry out reconnaissance
5. Test for detection
6. Deploy
7. Obtain initial foothold
8. Initiate outbound connection
9. Expand access and obtain credentials
10. Strengthen foothold
11. Exfiltrate data
12. Cover tracks
APT attack case - Kimsuky
Operation GoldDragon: Targeting North Korea-related individuals
Reconnaissance
● Searching for targets
Resource development
● Set up C2 server
● Create malicious scripts
● Spearphishing with social engineering
Collection, Command and control, Exfiltration, Impact
● Sensitive information stolen
● Send to …