
An Analysis of Cyber Espionage Process

Conference paper
Developments and Advances in Defense and Security

Part of the book series: Smart Innovation, Systems and Technologies ((SIST,volume 255))

Abstract

The increasing number of espionage cases reported worldwide calls for a systematization of knowledge in this area. This paper presents a general scheme of the cyber espionage process, based on a literature review of notable cases that generated news on the topic and on the malware analysis reports published by security vendors. To understand the aspects involved and the approaches employed, we define a general model that covers all phases of cyber espionage. Our model considers two main aspects: first, the technical aspect, driven by the rapid advance of information and communication technologies (ICT) and by the level of software engineering that cybercriminals apply to create sophisticated malware; second, the human aspect, influenced by the power struggle between nations and politicians and by the lack of technological knowledge or training in organizations. As a result, social engineering becomes the most effective means for attackers to intrude into systems.



Author information

Correspondence to Richard Rivera.


Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.


Cite this paper

Rivera, R., Pazmiño, L., Becerra, F., Barriga, J. (2022). An Analysis of Cyber Espionage Process. In: Rocha, Á., Fajardo-Toro, C.H., Rodríguez, J.M.R. (eds) Developments and Advances in Defense and Security . Smart Innovation, Systems and Technologies, vol 255. Springer, Singapore. https://doi.org/10.1007/978-981-16-4884-7_1
