Pandas in action: analysis of China related advanced persistent threat actors’ tactics, techniques & procedures

Bibliographic Details
Main Authors: Alaverronen, Sami; Pohjola, Jussi
Affiliation: Faculty of Information Technology (Informaatioteknologian tiedekunta), Information Technology (Informaatioteknologia), University of Jyväskylä (Jyväskylän yliopisto)
Format: Master's thesis
Language: eng
Published: 2023
Subjects: China; advanced persistent threat; cyber threat intelligence; cyber kill chain; MITRE ATT&CK Framework; content analysis; cyber security; cyberwarfare
Online Access: https://jyx.jyu.fi/handle/123456789/90108
Abstract (English; the record also holds the authors' Finnish version of the same text)

For a long time the United States has been the single first-tier power in cyberspace, but a contender is rising in the east. As China tries to extend its reach in cyberspace, the number of China-related Advanced Persistent Threat (APT) cyber-attacks is growing. These attacks target governments and companies alike in order to gain valuable information or to perform some other desired action. Cyber security actors can in turn analyse the attacks to gain cyber threat intelligence, from indicators of compromise to the tactics, techniques and procedures used. That information is further refined by categorising it, for example into a taxonomy.

This thesis analysed 41 reports from different cyber security companies in which attribution had been made to China-related APT cyber-attacks, and identified distinct procedures by content analysis. Lockheed Martin's Cyber Kill Chain and the MITRE ATT&CK framework were used to discover the tactics, techniques and procedures of China-related APT attacks. Read along the seven Cyber Kill Chain phases, the results showed that the Chinese APT attacks first gathered information about the victim organisation (reconnaissance), then developed attack capabilities (weaponization) and delivered the weapon to the target by phishing, usually spear phishing (delivery; ATT&CK T1566). Once the weapon was delivered, a command and scripting interpreter (T1059) was used to exploit the target system. After exploitation the attack continued with the installation of a web shell (T1505.003), a backdoor or something similar, after which a connection to the command-and-control network was opened over application layer protocols (T1071). Finally, the attack was concluded with various remote access tools, used to exfiltrate data or to expand the attack.
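The aggregation the abstract describes, reduced to a runnable sketch. This is an added example, not the thesis authors' code or data: it assumes a hand-coded table placing ATT&CK techniques into Cyber Kill Chain phases (an editorial choice, since the two frameworks do not align one-to-one) and uses constructed sample reports. `TECHNIQUES`, `REPORTS`, `place`, `phase_profile`, `dominant_chain` and `describe` are names introduced here.

```python
"""Kill-chain TTP profile aggregated from attributed threat reports.

Added illustration, not code from the thesis. Each vendor report is coded as a
set of MITRE ATT&CK techniques, every technique is placed in a Lockheed Martin
Cyber Kill Chain phase, and for each phase the technique seen in the most
reports is returned together with how many reports covered that phase at all.
The technique-to-phase table and the sample reports are constructed for this
example; the thesis' own coding of its 41 reports is not reproduced.
"""
from collections import Counter

KILL_CHAIN = [
    "Reconnaissance", "Weaponization", "Delivery", "Exploitation",
    "Installation", "Command and Control", "Actions on Objectives",
]

# ATT&CK technique ID -> (name, default kill-chain phase). IDs and names are
# real ATT&CK entries (a subset); the phase column is an editorial assumption,
# because ATT&CK tactics and kill-chain phases are not one-to-one. T1219, for
# instance, sits under Command and Control in ATT&CK but is coded here as
# Actions on Objectives, matching how the abstract describes its use.
TECHNIQUES = {
    "T1589":     ("Gather Victim Identity Information", "Reconnaissance"),
    "T1591":     ("Gather Victim Org Information",      "Reconnaissance"),
    "T1587":     ("Develop Capabilities",               "Weaponization"),
    "T1588":     ("Obtain Capabilities",                "Weaponization"),
    "T1566.001": ("Spearphishing Attachment",           "Delivery"),
    "T1566.002": ("Spearphishing Link",                 "Delivery"),
    "T1190":     ("Exploit Public-Facing Application",  "Delivery"),
    "T1059":     ("Command and Scripting Interpreter",  "Exploitation"),
    "T1203":     ("Exploitation for Client Execution",  "Exploitation"),
    "T1505.003": ("Web Shell",                          "Installation"),
    "T1547":     ("Boot or Logon Autostart Execution",  "Installation"),
    "T1071":     ("Application Layer Protocol",         "Command and Control"),
    "T1095":     ("Non-Application Layer Protocol",     "Command and Control"),
    "T1219":     ("Remote Access Software",             "Actions on Objectives"),
    "T1041":     ("Exfiltration Over C2 Channel",       "Actions on Objectives"),
}

# Constructed sample: report label -> techniques coded from that report. An
# entry is a bare ID (default phase) or an (ID, phase) pair when the analyst
# places a multi-tactic technique in a different phase for that report.
REPORTS = {
    "vendor-A-2021": ["T1591", "T1566.001", "T1059", "T1505.003", "T1071", "T1219"],
    "vendor-B-2021": ["T1566.002", "T1059", "T1547", "T1071", "T1041"],
    "vendor-C-2022": ["T1190", "T1059", "T1505.003", "T1071", "T1219"],
    "vendor-D-2022": ["T1587", "T1566.001", "T1203", "T1505.003", "T1095", "T1041"],
    "vendor-E-2022": ["T1566.001", "T1059", "T1547", "T1071",
                      ("T1219", "Command and Control")],
    "vendor-F-2023": ["T1589", "T1588", "T1566.001", "T1059", "T1505.003",
                      "T1071", "T1219"],
}


def place(observation):
    """Resolve one coded observation to a validated (technique_id, phase) pair."""
    tid, phase = observation if isinstance(observation, tuple) else (observation, None)
    if tid not in TECHNIQUES:
        raise KeyError(f"unknown ATT&CK technique {tid!r}")
    phase = phase or TECHNIQUES[tid][1]
    if phase not in KILL_CHAIN:
        raise ValueError(f"unknown kill-chain phase {phase!r}")
    return tid, phase


def phase_profile(reports):
    """Per phase, the number of reports in which each technique was observed.

    A technique is counted once per report even if a report lists it twice, so
    every count is 'reports observing this', the unit a prevalence claim needs.
    """
    profile = {phase: Counter() for phase in KILL_CHAIN}
    for observations in reports.values():
        for tid, phase in {place(obs) for obs in observations}:
            profile[phase][tid] += 1
    return profile


def dominant_chain(reports):
    """Most frequently reported technique per phase, in kill-chain order.

    Returns (phase, technique_id, reports_with_technique, reports_covering_phase)
    tuples. The last number is the caveat to carry next to any 'the actor
    usually does X' claim: a technique that dominates a phase only a couple of
    reports describe (reconnaissance and weaponization are rarely observed by
    incident responders) is weak evidence, however large its share.
    """
    profile = phase_profile(reports)
    coverage = Counter()
    for observations in reports.values():
        for phase in {place(obs)[1] for obs in observations}:
            coverage[phase] += 1
    chain = []
    for phase in KILL_CHAIN:
        counter = profile[phase]
        if not counter:
            chain.append((phase, None, 0, 0))
            continue
        # Deterministic tie-break: highest count, then lowest technique ID.
        tid, n = min(counter.items(), key=lambda kv: (-kv[1], kv[0]))
        chain.append((phase, tid, n, coverage[phase]))
    return chain


def describe(reports):
    """One human-readable line per phase, in kill-chain order."""
    total = len(reports)
    lines = []
    for phase, tid, n, covering in dominant_chain(reports):
        if tid is None:
            lines.append(f"{phase}: no report covered this phase")
        else:
            lines.append(f"{phase}: {tid} {TECHNIQUES[tid][0]} in {n}/{total} reports "
                         f"(phase covered by {covering}/{total})")
    return lines


if __name__ == "__main__":
    print("\n".join(describe(REPORTS)))
```

Run on the constructed sample, the script reproduces the shape of the abstract's finding (spear phishing, then a command and scripting interpreter, then a web shell, then application-layer C2, then remote access software) while also printing that reconnaissance and weaponization are covered by only two of six reports, which is the kind of coverage figure worth quoting beside any per-phase prevalence claim.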
Full record
Advisor: Lehto, Martti
Authors: Alaverronen, Sami; Pohjola, Jussi
Date issued: 2023 (accessioned and made available in JYX on 2023-10-18)
Identifier (URI): https://jyx.jyu.fi/handle/123456789/90108
Identifier (URN): URN:NBN:fi:jyu-202310186146
Extent: 130 pages
Language: eng
Type: master thesis (Master's thesis / Pro gradu -tutkielma); COAR resource type http://purl.org/coar/resource_type/c_bdcc
Rights: In Copyright, © The Author(s) (https://rightsstatements.org/page/InC/1.0/); access level: open access
Faculty: Faculty of Information Technology (Informaatioteknologian tiedekunta); Department: Information Technology (Informaatioteknologia); Organization: University of Jyväskylä (Jyväskylän yliopisto)
Discipline: Kyberturvallisuus (Cyber security), subject code 601
Subjects (other): China; advanced persistent threat; cyber threat intelligence; cyber kill chain; MITRE ATT&CK Framework
Subjects (YSO): sisällönanalyysi (content analysis); kyberturvallisuus (cyber security); kybersodankäynti (cyberwarfare)
Contract research funding: 0
Provenance: submitted by Paivi Vuorio on 2023-10-18 (no bitstreams at submission); previous issue date 2023
Abstract: see above (the record carries both a Finnish and an English version)
Record: jyx.123456789_90108 (source: jyx; record format: qdc; published 2023)
Full text (PDF): https://jyx.jyu.fi/bitstreams/cd71be37-b45f-4f3d-9aea-e8d1140c5837/download (URN:NBN:fi:jyu-202310186146.pdf)
Persistent links: https://jyx.jyu.fi/handle/123456789/90108 ; http://www.urn.fi/URN:NBN:fi:jyu-202310186146