Abstract
The growing number of cyber espionage cases reported worldwide calls for a systematization of knowledge in this area. This paper presents a general scheme of the cyber espionage process, based on a literature review of notable cases that made the news and on the malware analysis reports published by security vendors. To understand the aspects involved and the approaches employed, we define a general model that covers all the phases of a cyber espionage operation. Our model considers two main aspects: first, the technical aspect, driven by the rapid advance of information and communication technologies (ICT) and by the level of software engineering that cybercriminals apply to create sophisticated malware; second, the human aspect, shaped by the power struggle between nations and politicians and by the lack of technological knowledge or training in organizations. As a result, this gap allows attackers to use social engineering as their most effective means of intruding into systems.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
Cite this paper
Rivera, R., Pazmiño, L., Becerra, F., Barriga, J. (2022). An Analysis of Cyber Espionage Process. In: Rocha, Á., Fajardo-Toro, C.H., Rodríguez, J.M.R. (eds) Developments and Advances in Defense and Security. Smart Innovation, Systems and Technologies, vol 255. Springer, Singapore. https://doi.org/10.1007/978-981-16-4884-7_1
DOI: https://doi.org/10.1007/978-981-16-4884-7_1
Publisher Name: Springer, Singapore
Print ISBN: 978-981-16-4883-0
Online ISBN: 978-981-16-4884-7
eBook Packages: Intelligent Technologies and Robotics (R0)