Tracking Threat Actors: How Infrastructure Analysis Reveals Cyber Attack Patterns

2025-03-05, Kudelskisecurity
https://research.kudelskisecurity.com/2025/03/05/tracking-threat-actors-how-infrastructure-analysis-reveals-cyber-attack-patterns/
#ITWorker

Unmasking Cyber Threats: How Infrastructure Tracking Aids Attribution
This article presents our methods for clustering infrastructure and identifying its purpose. The main added value lies in cross-referencing public and private sources of information to build an infrastructure diagram, from which intelligence can be produced and maintained over the long term.
Many blog posts cover infrastructure tracking; with this article, we at Kudelski Security want to show some methodologies and practical use cases based on our internal research.
Decoding Threat Actor Infrastructure: A Case Study in Attribution
Instead of taking Indicators of Compromise (IOCs) from an incident response, we use as an example a phishing campaign against U.S. and Israeli government officials published by CISA[1].
Figure 1: Mapping and enriched IPs from the attack
From the IPs we can see from this campaign, all of them have been attributed …