Analysis of APT Actors Targeting IoT and Big Data Systems: Shell_Crew, NetTraveler, ProjectSauron, CopyKittens, Volatile Cedar and Transparent Tribe as a Case Study

Chapter in: Handbook of Big Data and IoT Security

Abstract

Advanced Persistent Threats (APTs) repeatedly threaten individuals, organisations and national targets, using varying tactics and methods to achieve their objectives. This study examines six such threat groups, namely Shell_Crew, NetTraveler, ProjectSauron, CopyKittens, Volatile Cedar and Transparent Tribe, traces the methods each uses to traverse the cyber kill chain, and highlights the array of capabilities that could be employed against adversary targets. Mitigation and active defence measures are then considered with a view to blunting the effectiveness of these malicious campaigns. The study found that, despite the complexity of some adversaries, often straightforward methods applied at various levels of a networked environment can reduce the capability presented by some of the known threats.

Correspondence to Ali Dehghantanha .

Copyright information

© 2019 Springer Nature Switzerland AG

About this chapter

Cite this chapter

Taylor, P.J., Dargahi, T., Dehghantanha, A. (2019). Analysis of APT Actors Targeting IoT and Big Data Systems: Shell_Crew, NetTraveler, ProjectSauron, CopyKittens, Volatile Cedar and Transparent Tribe as a Case Study. In: Dehghantanha, A., Choo, KK. (eds) Handbook of Big Data and IoT Security. Springer, Cham. https://doi.org/10.1007/978-3-030-10543-3_11

  • DOI: https://doi.org/10.1007/978-3-030-10543-3_11

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-10542-6

  • Online ISBN: 978-3-030-10543-3

  • eBook Packages: Computer Science (R0)