Exploring APT Actors

Cyber_00011011 · February 1, 2021


APT Actors

The term APT, or Advanced Persistent Threat, is used to refer mainly to nation states, but more recently it can also include well-funded organized crime groups conducting large-scale intrusions. In this blog post we are going to look at the list of APT groups published by Mitre to understand which countries are most associated with APT groups, as of Feb-2, 2021.

Who are APT Actors

I took data from the Mitre Groups list of APT groups and dropped it into Excel. With a little clean-up of the data I had a list of 123 groups. I then added a new column for the most likely country of origin and populated it by reading each threat actor's description. I validated my thinking by also checking the Malpedia list of actors and FireEye's list of APT actors. When all was said and done, I did a simple GroupBy on country to see the top countries associated with APT threat actors. There is a large number of groups where the country of origin is unknown. When I looked over the unknown groups, they largely seemed to be organized crime groups rather than nation states.


Top countries associated with malicious activity: China, Iran, Russia and North Korea.

I really like how Malpedia has curated an extensive list of references for each APT threat actor in their list. It makes it easy to research and learn about a particular actor. For example, if you wanted to dig into APT33, Malpedia lists nearly 50 references where you can read more about APT33 techniques and find samples to explore on your own.
