APT Groups Attacking Turkey and Attack Analyses
This study offers a comprehensive examination of Advanced Persistent Threats (APTs), focusing on their dynamics, techniques employed, and preventive measures. The article discusses the identification of APTs, the reasons behind attacks on Turkey, and their geopolitical and economic impacts. Furthermore, it explains the concept of Tactics, Techniques, and Procedures (TTP), their subdivision into sub-techniques, and details effective strategies to mitigate APT attacks. The emphasis is on raising awareness and strengthening cybersecurity strategies for both individuals and organizations.
Affected: Turkey, APT groups, cybersecurity sector

Key points:

  • Definition and characteristics of Advanced Persistent Threats (APTs).
  • Techniques used by APT groups for selecting targets and indicators of compromise (IoCs).
  • Geopolitical reasons for APT attacks on Turkey and their impact on critical infrastructure.
  • Introduction to prominent APT groups targeting Turkey, such as OilRig, MuddyWater, and others.
  • Tactics, Techniques, and Procedures (TTP) of APT groups explained with examples.
  • Strategies and measures that can be implemented to shield against APT attacks.
  • Significance of strong access policies, updated systems, network security, and awareness training.
  • Early detection mechanisms and the need for effective incident response.

MITRE Techniques:

  • T1087 (Account Discovery) – Attackers identify user accounts in a system or Active Directory environment.
  • T1071 (Application Layer Protocol) – Attackers use established communication protocols to obscure C2 traffic.
  • T1059 (Command and Scripting Interpreter) – Command-line tools are employed to execute commands on target systems.
  • T1555 (Credentials from Password Managers) – Attackers target password managers to obtain stored credentials.
  • T1566 (Phishing) – Attacks are conducted using phishing techniques to trick users into providing personal information.
  • T1204 (User Execution) – Execution of malicious software depends on user interaction, such as opening email attachments or visiting fake websites.
  • T1547 (Startup Items) – Malicious software is configured to run automatically when the system starts.
  • T1105 (Remote File Copy) – Malicious files are transferred to compromised machines from a remote location.

Indicators of Compromise:
