| fullrecord |
[{"key": "dc.contributor.advisor", "value": "Lehto, Martti", "language": "", "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.author", "value": "H\u00f6n\u00f6, Olli", "language": "", "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.date.accessioned", "value": "2023-12-13T07:22:15Z", "language": null, "element": "date", "qualifier": "accessioned", "schema": "dc"}, {"key": "dc.date.available", "value": "2023-12-13T07:22:15Z", "language": null, "element": "date", "qualifier": "available", "schema": "dc"}, {"key": "dc.date.issued", "value": "2023", "language": "", "element": "date", "qualifier": "issued", "schema": "dc"}, {"key": "dc.identifier.uri", "value": "https://jyx.jyu.fi/handle/123456789/92296", "language": null, "element": "identifier", "qualifier": "uri", "schema": "dc"}, {"key": "dc.description.abstract", "value": "T\u00e4m\u00e4n tutkimuksen tavoitteena oli tutkia miten kaikista kehittyneimm\u00e4t kyberhy\u00f6kk\u00e4yksi\u00e4 tekev\u00e4t ryhm\u00e4t toimivat. Tutkimuksen kohde valittiin koska aiheesta ei ole merkitt\u00e4v\u00e4sti vertaisarvioitua tutkimusta, vaikka dataa ryhmist\u00e4 on julkisesti saatavilla. Tutkittaviksi ryhmiksi valikoitui APT28, APT29 ja Turla, kaikki kolme ovat Ven\u00e4j\u00e4\u00e4n liitettyj\u00e4 ryhmi\u00e4. Ven\u00e4j\u00e4\u00e4n liitetyt ryhm\u00e4t valittiin, koska n\u00e4m\u00e4 ryhm\u00e4t tunnetaan aktiivisina, ryhmi\u00e4 on yhdistetty useisiin korkean profiilin hy\u00f6kk\u00e4yksiin ja ryhmist\u00e4 on reilusti tietoa saatavilla. N\u00e4iden ryhmien toimintaa tutkittiin analysoimalla dataa, joka ryhmist\u00e4 on saatavilla eri kyberturvallisuusalan toimijoilta. Tutkimuskysymyksiksi valikoitui \u201dMiten Ven\u00e4j\u00e4\u00e4n liitetyt kehittyneet kyberhy\u00f6kk\u00e4yksi\u00e4 tekev\u00e4t ryhm\u00e4t toimivat?\u201d ja \u201dOnko Ven\u00e4j\u00e4\u00e4n liitetyill\u00e4 kehittyneill\u00e4 kyberhy\u00f6kk\u00e4yksi\u00e4 tekevill\u00e4 ryhmill\u00e4 kesken\u00e4\u00e4n samanlaiset toimintatavat?\u201d \nTutkimus toteutettiin k\u00e4ytt\u00e4m\u00e4ll\u00e4 kvalitatiivista sis\u00e4ll\u00f6nanalyysi\u00e4 tutkimusmenetelm\u00e4n\u00e4. Tutkimuksen apuna k\u00e4ytettiin my\u00f6s mallia, joka on luotu kyberhy\u00f6kk\u00e4yksien tutkimiseen. T\u00e4m\u00e4 malli antoi rakenteen, jolla pystyttiin kategorisoimaan ja vertailemaan ryhmien k\u00e4ytt\u00e4mi\u00e4 taktiikoita, tekniikoita ja toimintatapoja. N\u00e4ist\u00e4 tunnistetuista taktiikoista, tekniikoista ja toimintatavoista luotiin malli, jolla kuvattiin kunkin ryhm\u00e4n tekemi\u00e4 hy\u00f6kk\u00e4yksi\u00e4. N\u00e4iden datasta tunnistettujen taktiikoiden, tekniikoiden, toimintatapojen ja mallien avulla vastattiin tutkimuskysymyksiin.\nTutkimus osoitti, ett\u00e4 n\u00e4m\u00e4 tutkitut ryhm\u00e4t toimivat k\u00e4ytt\u00e4m\u00e4ll\u00e4 laajaa valikoimaa taktiikoita, tekniikoita ja toimintatapoja. Ryhm\u00e4t kykenev\u00e4t vaihtamaan k\u00e4ytt\u00e4mi\u00e4\u00e4n taktiikoita, tekniikoita ja toimintatapoja tarvittaessa. Tutkitut ryhm\u00e4t k\u00e4ytt\u00e4v\u00e4t yleens\u00e4 hy\u00f6kk\u00e4yksiss\u00e4\u00e4n haitallisia s\u00e4hk\u00f6posteja tai houkuttelevat heid\u00e4n uhrinsa murretuille verkkosivuille, joihin on lis\u00e4tty haitallista sis\u00e4lt\u00f6\u00e4. Ryhmien hy\u00f6kk\u00e4yksiss\u00e4 on yleens\u00e4 tavoitteena arkaluonteisen tai salaisen tiedon varastaminen. Tutkimus my\u00f6s osoitti, ett\u00e4 ryhm\u00e4t toimivat yleisesti ottaen samoilla toimintatavoilla. Joitakin eroja ryhmien toimintavavoissa oli kuitenkin l\u00f6ydett\u00e4viss\u00e4.\nL\u00f6ydetyt yht\u00e4l\u00e4isyydet ryhmien toimintatavoissa antavat puolustajille kohteita, joihin voidaan keskitty\u00e4 ja mahdollisesti est\u00e4\u00e4 kaikkien ryhmien hy\u00f6kk\u00e4yksi\u00e4. L\u00f6ydetyt eri\u00e4v\u00e4isyydet ryhmien kesken antavat tutkijoille mahdollisia jatkotutkimuksien kohteita.", "language": "fi", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.abstract", "value": "The goal of this thesis was to study how the most advanced and sophisticated cyberattack groups, also known as Advanced Persistent Threat (APT) groups, operate. This was done by analysing data that has been made available by the cyber security industry on APT28, APT29, and Turla, all APT groups that have been connected to Russia. Russian connected groups were chosen because these groups have been considered as particularly active, the groups have been connected to high-profile attacks, and there exists a large amount of data on the groups. The goal of the thesis was motivated by the lack of peer-reviewed research on this topic despite the publicly available data on these groups. The thesis answered the questions \u201cHow do APT groups connected to Russia operate?\u201d and \u201cDo APT groups connected to Russia operate in a similar manner?\u201d.\nThe research was conducted by performing qualitative content analysis on the data that is available about these cyberattack groups. A model called the Unified Kill Chain, which was designed to increase the understanding of advanced cyberattacks, was used in the analysis to provide additional structure. The model provided ways to categorize and compare various tactics, techniques, and procedures used by the groups that were studied. The tactics, techniques, and procedures that were identified were used to create models which depict identified attacks by these groups. These tactics, techniques, procedures, and the models which were identified from the data were then used to answer the research questions.\nThe thesis showed that the cyberattack groups that were chosen to be studied operate with a wide selection of tactics, techniques, and procedures. The groups are capable of changing their tactics, techniques, and procedures if necessary. These groups generally perform their attacks by using malicious emails or by luring their victims into a compromised website with malicious content. These groups generally attack for the purpose of stealing sensitive information. The research also showed that the groups that were studied operate in mostly similar manners. However, some differences could be identified between the groups.\nThe commonalities among the groups show areas where defenders can focus on and hinder the activities of all of these groups. The differences identified between the groups can potentially offer analysts or researchers points to focus on in future work.", "language": "en", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted by Paivi Vuorio (paelvuor@jyu.fi) on 2023-12-13T07:22:15Z\nNo. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Made available in DSpace on 2023-12-13T07:22:15Z (GMT). No. of bitstreams: 0\n Previous issue date: 2023", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.format.extent", "value": "131", "language": "", "element": "format", "qualifier": "extent", "schema": "dc"}, {"key": "dc.language.iso", "value": "eng", "language": null, "element": "language", "qualifier": "iso", "schema": "dc"}, {"key": "dc.rights", "value": "In Copyright", "language": null, "element": "rights", "qualifier": null, "schema": "dc"}, {"key": "dc.subject.other", "value": "Advanced Persistent Threat", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "APT", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "APT-ryhm\u00e4t", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.title", "value": "From moonlight maze to solarwinds : how Russian APT groups operate?", "language": "", "element": "title", "qualifier": null, "schema": "dc"}, {"key": "dc.type", "value": "master thesis", "language": null, "element": "type", "qualifier": null, "schema": "dc"}, {"key": "dc.identifier.urn", "value": "URN:NBN:fi:jyu-202312138287", "language": "", "element": "identifier", "qualifier": "urn", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Master\u2019s thesis", "language": "en", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Pro gradu -tutkielma", "language": "fi", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Informaatioteknologian tiedekunta", "language": "fi", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Faculty of Information Technology", "language": "en", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Informaatioteknologia", "language": "fi", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Information Technology", "language": "en", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "Jyv\u00e4skyl\u00e4n yliopisto", "language": "fi", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "University of Jyv\u00e4skyl\u00e4", "language": "en", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Kyberturvallisuus", "language": "fi", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Kyberturvallisuus", "language": "en", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "yvv.contractresearch.funding", "value": "0", "language": "", "element": "contractresearch", "qualifier": "funding", "schema": "yvv"}, {"key": "dc.type.coar", "value": "http://purl.org/coar/resource_type/c_bdcc", "language": null, "element": "type", "qualifier": "coar", "schema": "dc"}, {"key": "dc.rights.copyright", "value": "\u00a9 The Author(s)", "language": null, "element": "rights", "qualifier": "copyright", "schema": "dc"}, {"key": "dc.rights.accesslevel", "value": "openAccess", "language": null, "element": "rights", "qualifier": "accesslevel", "schema": "dc"}, {"key": "dc.type.publication", "value": "masterThesis", "language": null, "element": "type", "qualifier": "publication", "schema": "dc"}, {"key": "dc.subject.oppiainekoodi", "value": "601", "language": "", "element": "subject", "qualifier": "oppiainekoodi", "schema": "dc"}, {"key": "dc.subject.yso", "value": "menettelyt", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "tekniikat", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "taktiikka", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "verkkohy\u00f6kk\u00e4ykset", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "kyberturvallisuus", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "procedures", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "techniques", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "tactics", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "cyber attacks", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "cyber security", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.rights.url", "value": "https://rightsstatements.org/page/InC/1.0/", "language": null, "element": "rights", "qualifier": "url", "schema": "dc"}]
|