This research paper examines how cybercriminals conduct Advanced Persistent Threat (APT) attacks using adversarial techniques. The study uses 594 adversarial techniques cataloged in MITRE ATT&CK and analyzes 667 Cyber Threat Intelligence (CTI) reports. It finds that obtaining information on the victim’s operating system and network is the most common technique, and that spear-phishing is the most common method of initial infection. The research suggests that organizations should prioritize their defenses against these prevalent techniques and actively search for potential malicious intrusions based on the identified pairs of techniques.

Publication date: 4 Jan 2024
Project Page: Not Provided
Paper: https://arxiv.org/pdf/2401.01865