| fullrecord |
[{"key": "dc.contributor.advisor", "value": "Lehto, Martti", "language": "", "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.author", "value": "Karsikas, Jyrki", "language": "", "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.date.accessioned", "value": "2021-05-24T09:58:00Z", "language": null, "element": "date", "qualifier": "accessioned", "schema": "dc"}, {"key": "dc.date.available", "value": "2021-05-24T09:58:00Z", "language": null, "element": "date", "qualifier": "available", "schema": "dc"}, {"key": "dc.date.issued", "value": "2021", "language": "", "element": "date", "qualifier": "issued", "schema": "dc"}, {"key": "dc.identifier.uri", "value": "https://jyx.jyu.fi/handle/123456789/75892", "language": null, "element": "identifier", "qualifier": "uri", "schema": "dc"}, {"key": "dc.description.abstract", "value": "Informaatioekosysteemien muutos on ollut vaikuttamassa kohdennettujen haittaohjelmahy\u00f6kk\u00e4ysten syntyyn. Kohdennetulla haittaohjelmahy\u00f6kk\u00e4yksell\u00e4 tarkoitetaan hy\u00f6kk\u00e4yst\u00e4, miss\u00e4 sofistikoitunut hy\u00f6kk\u00e4\u00e4j\u00e4 toimii tietoverkossa peitellysti ja pitk\u00e4aikaisesti. Nykyp\u00e4iv\u00e4n\u00e4 tiedusteluoperaatioita voidaan suorittaa tietoverkossa l\u00e4hes mist\u00e4 tahansa menem\u00e4tt\u00e4 kohdemaahan. Meneill\u00e4\u00e4n oleva COVID-19-pandemia on siirt\u00e4nyt vakoilun painopistett\u00e4 enemm\u00e4n tietoverkkoihin. Monet valtiot tai niihin liittyv\u00e4t kyberhy\u00f6kk\u00e4ysryhm\u00e4t suorittavat vakoilua tietoverkoissa. Kiina ja Ven\u00e4j\u00e4 kuuluvat suurimpiin toimijoihin kybervakoilussa. Ne ovat my\u00f6s merkitt\u00e4vimm\u00e4t Suomen etuja vastaan tiedustelullisesti toimivat valtiot. T\u00e4ss\u00e4 pro gradu\u2013tutkielmassa k\u00e4siteltiin muutamia valikoituja Kiinaan ja Ven\u00e4j\u00e4\u00e4n liitettyj\u00e4 kyberhy\u00f6kk\u00e4ysryhmi\u00e4. Tutkielman p\u00e4\u00e4tutkimuskysymyksess\u00e4 tarkasteltiin kyseisten valtioiden ja niihin liittyvien kyberhy\u00f6kk\u00e4ysryhmien eroja. Ennen varsinaista p\u00e4\u00e4tutkimuskysymykseen vastaamista pyrittiin selvitt\u00e4m\u00e4\u00e4n yht\u00e4l\u00e4isyyksi\u00e4 erikseen Kiinaan sek\u00e4 Ven\u00e4j\u00e4\u00e4n liittyvien ryhmien toiminnassa sek\u00e4 ty\u00f6kaluissa, tekniikoissa ja proseduureissa. Tutkimusstrategiana k\u00e4ytettiin monitapaustutkimusta, joka soveltuu hyvin t\u00e4m\u00e4n tyyppiseen tutkimukseen, jossa on useita tarkasteltavia tapauksia ja hy\u00f6dynnet\u00e4\u00e4n erityyppisi\u00e4 tiedonker\u00e4ysmenetelmi\u00e4. Tutkimus on my\u00f6s aineistol\u00e4ht\u00f6ist\u00e4, joten t\u00e4ss\u00e4 tutkimuksessa k\u00e4ytettiin kvalitatiivista tutkimusotetta. Tiedon ker\u00e4\u00e4misen ohjaukseen hy\u00f6dynnettiin kyberattribuutiomallia, joka toimi my\u00f6s analyysity\u00f6kaluna yhdess\u00e4 MITRE:n ATT&CK-kehyksen kanssa. Tutkitut kyberhy\u00f6kk\u00e4ysryhm\u00e4t olivat Kiinaan liittyv\u00e4t APT3, APT10 ja APT41 sek\u00e4 Ven\u00e4j\u00e4\u00e4n liittyv\u00e4t APT28, APT29 ja Turla. Tutkimustuloksista k\u00e4y ilmi, ett\u00e4 kiinalaiset kyberhy\u00f6kk\u00e4ysryhm\u00e4t tekev\u00e4t yhteisty\u00f6t\u00e4 ja jakavat muun muassa ty\u00f6kaluja. Sen sijaan ven\u00e4l\u00e4isten ryhmien osalta ty\u00f6kalujen jakamisesta ei ole havaintoja, sill\u00e4 niiden operaatioissa operaatioturvallisuuden merkitys korostuu. Vasta viimeisimm\u00e4lt\u00e4 vuodelta on noussut esiin ep\u00e4ilys kahden ven\u00e4l\u00e4isen ryhm\u00e4n yhteisty\u00f6st\u00e4. Varsinaisten tutkimuskysymyksien ulkopuolelta nousikin esiin alustava havainto, ett\u00e4 COVID-19-pandemia on voinut muuttaa ryhmien toimintaa enemm\u00e4n yhteisty\u00f6ss\u00e4 tehtyjen operaatioiden suuntaan ja niill\u00e4 on my\u00f6s mahdollisesti pyritty saamaan taloudellista etua vakoilun lis\u00e4ksi.", "language": "fi", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.abstract", "value": "The change in the information ecosystems has been influencing the emergence of advanced persistent threats. Advanced persistent threat means an attack in which a sophisticated attacker acts in disguise and for a long time on a computer network. Today, intelligence operations can be performed on a computer network from almost anywhere without going to the target country. The ongoing COVID-19 pandemic has shifted the focus of espionage more to networks. Many states or their associated cyberattack groups conduct espionage on networks. China and Russia are among the largest players in cyber espionage and are also the largest states that act against Finland\u2019s interests through espionage. This master\u2019s thesis addressed a few selected APT groups attributed to China and Russia. The main research question looked at the differences between these countries and their associated APT groups. Prior to answering it, the aim was to find out the similarities in the activities of the groups related to both China and Russia separately. A multiple case study was used as the research strategy. It is well suited for this type of research. The research is also data-driven, so a qualitative research approach was used too. A cyber attribution model was used to control data collection. It also served as an analysis tool with the MITRE\u2019s ATT&CK framework. The APT groups re-searched are APT3, APT10 and APT41 related to China and APT28, APT29 and Turla related to Russia. The research results show that Chinese groups work together and share tools, among other things. In contrast, there are no observations of Russian groups sharing tools. In their operations, the importance of operational security was emphasized. A preliminary observation emerged from outside the research questions about a possible change towards cooperation in the activities of the groups during the COVID-19 pandemic. Operations may also have sought to gain an economic advantage.", "language": "en", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted by Paivi Vuorio (paelvuor@jyu.fi) on 2021-05-24T09:58:00Z\nNo. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Made available in DSpace on 2021-05-24T09:58:00Z (GMT). No. of bitstreams: 0\n Previous issue date: 2021", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.format.extent", "value": "95", "language": "", "element": "format", "qualifier": "extent", "schema": "dc"}, {"key": "dc.format.mimetype", "value": "application/pdf", "language": null, "element": "format", "qualifier": "mimetype", "schema": "dc"}, {"key": "dc.language.iso", "value": "fin", "language": null, "element": "language", "qualifier": "iso", "schema": "dc"}, {"key": "dc.rights", "value": "In Copyright", "language": "en", "element": "rights", "qualifier": null, "schema": "dc"}, {"key": "dc.subject.other", "value": "haittaohjelmahy\u00f6kk\u00e4ys", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "kyberhy\u00f6kk\u00e4ysryhm\u00e4", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "Kiina", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "uhkamalli", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.title", "value": "Monitapaustutkimus valikoiduista Kiinaan ja Ven\u00e4j\u00e4\u00e4n liitetyist\u00e4 kyberhy\u00f6kk\u00e4ysryhmist\u00e4 : kohdennetut haittaohjelmahy\u00f6kk\u00e4ykset", "language": "", "element": "title", "qualifier": null, "schema": "dc"}, {"key": "dc.type", "value": "master thesis", "language": null, "element": "type", "qualifier": null, "schema": "dc"}, {"key": "dc.identifier.urn", "value": "URN:NBN:fi:jyu-202105243151", "language": "", "element": "identifier", "qualifier": "urn", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Pro gradu -tutkielma", "language": "fi", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Master\u2019s thesis", "language": "en", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Informaatioteknologian tiedekunta", "language": "fi", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Faculty of Information Technology", "language": "en", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Informaatioteknologia", "language": "fi", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Information Technology", "language": "en", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "Jyv\u00e4skyl\u00e4n yliopisto", "language": "fi", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "University of Jyv\u00e4skyl\u00e4", "language": "en", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Tietojenk\u00e4sittelytiede", "language": "fi", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Computer Science", "language": "en", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "yvv.contractresearch.funding", "value": "0", "language": "", "element": "contractresearch", "qualifier": "funding", "schema": "yvv"}, {"key": "dc.type.coar", "value": "http://purl.org/coar/resource_type/c_bdcc", "language": null, "element": "type", "qualifier": "coar", "schema": "dc"}, {"key": "dc.rights.accesslevel", "value": "restrictedAccess", "language": null, "element": "rights", "qualifier": "accesslevel", "schema": "dc"}, {"key": "dc.type.publication", "value": "masterThesis", "language": null, "element": "type", "qualifier": "publication", "schema": "dc"}, {"key": "dc.subject.oppiainekoodi", "value": "601", "language": "", "element": "subject", "qualifier": "oppiainekoodi", "schema": "dc"}, {"key": "dc.subject.yso", "value": "haittaohjelmat", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "Ven\u00e4j\u00e4", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "vakoilu", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "verkkohy\u00f6kk\u00e4ykset", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.format.content", "value": "fulltext", "language": null, "element": "format", "qualifier": "content", "schema": "dc"}, {"key": "dc.rights.url", "value": "https://rightsstatements.org/page/InC/1.0/", "language": null, "element": "rights", "qualifier": "url", "schema": "dc"}, {"key": "dc.rights.accessrights", "value": "Aineistoon p\u00e4\u00e4sy\u00e4 on rajoitettu tekij\u00e4noikeussyist\u00e4. Aineisto on luettavissa Jyv\u00e4skyl\u00e4n yliopiston kirjaston <a href=\"https://kirjasto.jyu.fi/kokoelmat/arkistotyoasema\">arkistoty\u00f6asemalta</a>.", "language": "fi", "element": "rights", "qualifier": "accessrights", "schema": "dc"}, {"key": "dc.rights.accessrights", "value": "<br><br>This material has a restricted access due to copyright reasons. It can be read at the <a href=\"https://kirjasto.jyu.fi/collections/archival-workstation\">workstation</a> at Jyv\u00e4skyl\u00e4 University Library reserved for the use of archival materials.", "language": "en", "element": "rights", "qualifier": "accessrights", "schema": "dc"}, {"key": "dc.type.okm", "value": "G2", "language": null, "element": "type", "qualifier": "okm", "schema": "dc"}]
|