Survey of publicly available reports on advanced persistent threat actors

Computers and Security

Volumn 72, Issue , 2018, Pages 26-59

  Lemay, Antoine ^a   Calvet, Joan ^b   Menet, François ^a   Fernandez, José M ^a  

^a ÉCOLE POLYTECHNIQUE DE MONTRÉAL   (Canada)

^b PNF Software   (Canada)

Author keywords

Advanced Persistent Threat (APT); Cyber attacks; Cyber espionage; Targeted attacks; Targeted malware

Indexed keywords

COMPUTER CRIME; CRIME; NETWORK SECURITY; PERSONAL COMPUTING; SURVEYS;

ADVANCED PERSISTENT THREAT (APT); CYBER ESPIONAGE; CYBER-ATTACKS; DEMOCRATIC NATIONAL COMMITTEE; INTERNET RESOURCES; MILITARY PERSONNELS; MULTIPLE REGIONS; TARGETED ATTACKS;

MALWARE;

EID: 85029364817     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2017.08.005     Document Type: Article

References (195)

1. Alperovitch, D., Revealed: operation shady RAT. [Online]; Available from: http://www.mcafee.com/us/resources/white-papers/wp-operation-shady-rat.pdf, 2011. Accessed Date 11 January 2017.
2. Alperovitch, D., Deep in thought: Chinese targeting of National Security Think Tanks. Crowdstrike, 7 July; [Online]; Available from: https://www.crowdstrike.com/blog/deep-thought-chinese-targeting-national-security-think-tanks/, 2014. Accessed Date 11 January 2017.
3. Alperovitch, D., CrowdStrike discovers use of 64-bit zero-day privilege escalation exploit (CVE-2014-4113) by Hurricane Panda. Crowdstrike, 14 October; [Online]; Available from: https://www.crowdstrike.com/blog/crowdstrike-discovers-use-64-bit-zero-day-privilege-escalation-exploit-cve-2014-4113-hurricane-panda/, 2014. Accessed Date 11 January 2017.
4. Alperovitch, D., Cyber deterrence in action? A story of one long HURRICANE PANDA campaign. Crowdstrike, 13 April; [Online]; Available from: https://www.crowdstrike.com/blog/cyber-deterrence-in-action-a-story-of-one-long-hurricane-panda-campaign/, 2015. Accessed Date 11 January 2017.
5. Alperovitch, D., Bears in the midst: Intrusion into the Democratic National Committee. Crowdstrike, 15 June; [Online]; Available from https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/, 2016. Accessed Date 12 January 2017.
6. ASERT Threat Intelligence, Arbor threat intelligence brief 2014-07 - illuminating the etumbot APT backdoor. June; [Online]; Available from: https://www.arbornetworks.com/blog/asert/wp-content/uploads/2014/06/ASERT-Threat-Intelligence-Brief-2014-07-Illuminating-Etumbot-APT.pdf, 2014. Accessed Date 11 January 2017.
7. Bailey, M., MATRYOSHKA MINING lessons from operation RussianDoll. January; [Online]; Available from: http://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2016/2016.03.09.Operation_RussianDoll/wp-mandiant-matryoshka-mining.pdf, 2016. Accessed Date 12 January 2017.
8. Barnes, J.E., Pentagon computer networks attacked. Los Angeles Times, 28 November; [Online]; Available from: http://articles.latimes.com/2008/nov/28/nation/na-cyberattack28, 2008. Accessed Date 31 January 2017.
9. Bartholomew, B., KopiLuwak: a new JavaScript payload from Turla. Kaspersky, 2 February; [Online]; Available from: https://securelist.com/blog/research/77429/kopiluwak-a-new-javascript-payload-from-turla/, 2017. Accessed Date 2 February 2017.
10. Baumgartner, K., The Spring Dragon APT. Kaspersky Labs, 17 June; [Online]; Available from: https://securelist.com/blog/research/70726/the-spring-dragon-apt/, 2015. Accessed Date 11 January 2017.
11. Baumgartner, K., Golovkin, M., The Naikon APT. Kaspersky, 14 May; [Online]; Available from: https://securelist.com/analysis/publications/69953/the-naikon-apt/, 2015. Accessed Date 4 February 2017.
12. Baumgartner, K., Golovkin, M., The MsnMM campaigns – the earliest Naikon APT campaigns. May; [Online]; Available from: https://securelist.com/files/2015/05/TheNaikonAPT-MsnMM1.pdf, 2015. Accessed Date 11 January 2017.
13. BAE Systems Apllied Intelligence, SNAKE CAMPAIGN. CYBER ESPIONAGE TOOLKIT. [Online]; Available from: http://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2014/snake_whitepaper.pdf, 2014. Accessed Date 12 January 2017.
14. Bitdefender, APT28 under the scope a journey into exfiltrating intelligence and government information. December; [Online]; Available from: https://download.bitdefender.com/resources/media/materials/white-papers/en/Bitdefender_In-depth_analysis_of_APT28%E2%80%93The_Political_Cyber-Espionage.pdf, 2015. Accessed Date 12 January 2017.
15. Blasco, J., Operation BlockBuster unveils the actors behind the Sony attacks. Alien Vault, 24 February; [Online]; Available from: https://www.alienvault.com/blogs/labs-research/operation-blockbuster-unveils-the-actors-behind-the-sony-attacks, 2016. Accessed Date 11 January 2017.
16. Boutin, J.-I., Targeted information stealing attacks in South Asia use email, signed binaries. ESET, 16 May; [Online]; Available from: http://www.welivesecurity.com/2013/05/16/targeted-threat-pakistan-india/, 2013. Accessed Date 11 January 2017.
17. Brod, Beware BlackEnergy if involved in Europe/Ukraine diplomacy. F-Secure, 30 June; [Online]; Available from: https://www.f-secure.com/weblog/archives/00002721.html, 2014. Accessed Date 27 January 2017.
18. Bronk, C., Tikk-Ringas, E., Hack or attack? Shamoon and the evolution of cyber conflict. Survival, Global Politics and Strategy, March, 2013.
19. Calvet, J., Sednit Espionage Group attacking air-gapped networks. ESET, 11 November; [Online]; Available from: http://www.welivesecurity.com/2014/11/11/sednit-espionage-group-attacking-air-gapped-networks/, 2014. Accessed Date 12 January 2017.
20. Calvet, J., The Sednit Group: “Cyber” espionage in Eastern Europe. In NorthSec, Montreal, 2015.
21. Calvet, J., Casper malware: after Babar and Bunny, another espionage cartoon. ESET, 5 March; [Online]; Available from: http://www.welivesecurity.com/2015/03/05/casper-malware-babar-bunny-another-espionage-cartoon/, 2015. Accessed Date 11 January 2017.
22. Calvet, J., Dino – the latest spying malware from an allegedly French espionage group analyzed. ESET, 30 June; [Online]; Available from: http://www.welivesecurity.com/2015/06/30/dino-spying-malware-analyzed/, 2015. Accessed Date 11 January 2017.
23. Calvet, J., Campos, J., Dupuy, T., Visiting the bear den a journey in the land of (Cyber-)espionage. In RECon, Montreal, 2016.
24. Chang, Y.H., Singh, S., APT group sends spear phishing emails to Indian Government Officials. FireEye, 3 June; [Online]; Available from: https://www.fireeye.com/blog/threat-research/2016/06/apt_group_sends_spea.html, 2016. Accessed Date 11 January 2017.
25. Chang, Z., Lu, K., Luo, A., Pernet, C., Yaneza, J., Operation iron tiger: exploring Chinese cyber-espionage attacks on United States defense contractors. [Online]; Available from: https://www.erai.com/CustomUploads/ca/wp/2015_12_wp_operation_iron_tiger.pdf, 2015. Accessed Date 11 January 2017.
26. Checkpoint Software Technologies, Rocket Kitten: a campaign with 9 lives. [Online]; Available from: http://blog.checkpoint.com/wp-content/uploads/2015/11/rocket-kitten-report.pdf, 2015. Accessed Date 11 January 2017.
27. Checkpoint Software Technologies, Volatile cedar. 30 March; [Online]; Available from: https://www.checkpoint.com/downloads/volatile-cedar-technical-report.pdf, 2015. Accessed Date 11 January 2017.
28. Chen, X., Scott, M., Caselden, D., New zero-day exploit targeting internet explorer versions 9 through 11 identified in targeted attacks. FireEye, 26 April; [Online]; Available from: https://www.fireeye.com/blog/threat-research/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html, 2014. Accessed Date 11 January 2017.
29. Cherepanov, A., BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry. ESET, 3 January; [Online]; Available from: http://www.welivesecurity.com/2016/01/03/blackenergy-sshbeardoor-details-2015-attacks-ukrainian-news-media-electric-industry/, 2016. Accessed Date 12 January 2017.
30. Clearsky, Gholee – a “protective edge” themed spear phishing campaign. Clearsky, 4 September; [Online]; Available from: http://www.clearskysec.com/gholee-a-protective-edge-themed-spear-phishing-campaign/, 2014. Accessed Date 1 February 2017.
31. Clearsky, Thamar Reservoir An Iranian cyber-attack campaign against targets in the Middle east. June; [Online]; Available from: http://www.clearskysec.com/wp-content/uploads/2015/06/Thamar-Reservoir-public1.pdf, 2015. Accessed Date 2 February 2017.
32. Clearsky – Cyber security, Operation DustySky. January; [Online]; Available from: http://www.clearskysec.com/wp-content/uploads/2016/01/Operation%20DustySky_TLP_WHITE.pdf, 2016. Accessed Date 11 January 2017.
33. Cluley, G., New ESET research paper puts Sednit under the microscope. ESET, October; [Online]; Available from: http://www.welivesecurity.com/2016/10/20/new-eset-research-paper-puts-sednit-under-the-microscope/, 2016. Accessed Date 12 January 2017.
34. Coogan, P., Targeted attacks make WinHelp files not so helpful. Symantec, 15 October; [Online]; Available from: https://www.symantec.com/connect/blogs/targeted-attacks-make-winhelp-files-not-so-helpful, 2012. Accessed Date 11 January 2017.
35. Creus, D., Halfpop, T., Falcone, R., Sofacy's ‘Komplex’ OS X Trojan. PaloAlto Networks, 26 September; [Online]; Available from: http://researchcenter.paloaltonetworks.com/2016/09/unit42-sofacys-komplex-os-x-trojan/, 2016. Accessed Date 12 January 2017.
36. Crowdstrike Global Intelligence Team, CrowdStrike intelligence report – Putter Panda. [Online]; Available from: https://cdn0.vox-cdn.com/assets/4589853/crowdstrike-intelligence-report-putter-panda.original.pdf, 2014. Accessed Date 11 January 2017.
37. Crowdstrike Global Intelligence Team, Use of Fancy BearAndroid malware in tracking of Ukrainian field artillery unit. 22 December; [Online]; Available from: https://www.crowdstrike.com/wp-content/brochures/FancyBearTracksUkrainianArtillery.pdf, 2016. Accessed Date 27 January 2017.
38. Cutler, S., Threat analysis – The Mirage Campaign. Dell SecureWorks, 18 September; [Online]; Available from: https://www.secureworks.com/research/the-mirage-campaign, 2012. Accessed Date 11 January 2017.
39. Cylance, #OPCLEAVER. [Online]; Available from: https://cdn2.hubspot.net/hubfs/270968/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf, 2014. Accessed Date 11 January 2017.
40. Dahl, M., The French connection: French aerospace-focused CVE-2014-0322 attack shares similarities with 2012 capstone turbine activity. Crowdstrike, 25 February; [Online]; Available from: https://www.crowdstrike.com/blog/french-connection-french-aerospace-focused-cve-2014-0322-attack-shares-similarities-2012/, 2014. Accessed Date 11 January 2017.
41. Dahl, M., Cat scratch fever: CrowdStrike tracks newly reported Iranian actor as FLYING KITTEN. Crowdstrike, 13 May; [Online]; Available from: https://www.crowdstrike.com/blog/cat-scratch-fever-crowdstrike-tracks-newly-reported-iranian-actor-flying-kitten/, 2014. Accessed Date 11 January 2017.
42. Dahms, T., Molerats, Here for Spring!. FireEye, 2 June; [Online]; Available from: https://www.fireeye.com/blog/threat-research/2014/06/molerats-here-for-spring.html, 2014. Accessed Date 11 January 2017.
43. Daly, M.K., The advanced persistent threat (or informationized force operations). In 23rd Large Installation System Administration Conference (LISA), Baltimore, 2009.
44. Dell SecureWorks Counter Threat Unit™ Threat Intelligence, Threat analysis – threat group 3390 cyberespionage. Dell SecureWorks, 5 August; [Online]; Available from: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage?_ga=1.132970126.1294297346.1479934134, 2015. Accessed Date 11 January 2017.
45. Dennesen, K., Hide and Seek: How Threat Actors Respond in the Face of Public Exposure. In RSA Conference, San Francisco, 2016.
46. Dereszowski, A., Turla – development & operations. In FIRST, Tbilisi, 2014.
47. Dereszowski, A., Andrzej Dereszowski – Turla: Development & Operations [Rooted CON 2015 - ENG]. Spain, 2015.
48. DiMaggio, J., The Black Vine cyberespionage group. 6 August; [Online]; Available from: http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-black-vine-cyberespionage-group.pdf, 2016. Accessed Date 11 January 2017.
49. Doherty, S., Gegeny, J., Spasojevic, B., Baltazar, J., Hidden lynx – professional hackers for hire. 17 September; [Online]; Available from: http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/hidden_lynx.pdf, 2013. Accessed Date 11 January 2017.
50. Doman, C., Moonlight – targeted attacks in the Middle East. Vectra, 26 October; [Online]; Available from: https://blog.vectranetworks.com/blog/moonlight-middle-east-targeted-attacks, 2016. Accessed Date 3 February 2017.
51. Ducklin, P., The “Sandworm” malware – what you need to know. Sophos, 15 October; [Online]; Available from: https://nakedsecurity.sophos.com/2014/10/15/the-sandworm-malware-what-you-need-to-know/, 2014. Accessed Date 12 January 2017.
52. Eng, E., Caselden, D., Operation Clandestine wolf – adobe flash zero-day in APT3 phishing campaign. FireEye, 23 June; [Online]; Available from: https://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-wolf-adobe-flash-zero-day.html, 2015. Accessed Date 11 January 2017.
53. ESET Research, Sednit espionage group now using custom exploit kit. ESET, 8 October; [Online]; Available from: http://www.welivesecurity.com/2014/10/08/sednit-espionage-group-now-using-custom-exploit-kit/, 2014. Accessed Date 27 January 2017.
54. ESET Research, Miniduke still duking it out. ESET, 20 May; [Online]; Available from: http://www.welivesecurity.com/2014/05/20/miniduke-still-duking/, 2014. Accessed Date 30 January 2017.
55. Evron, G., Werner, T., Rocket Kitten: advanced off-the-shelf targeted attacks against nation states. In 31c3 Chaos Communication Congress, Hamburg, 2014.
56. F-Secure labs Security Response, COZYDUKE. [Online]; Available from: https://www.f-secure.com/documents/996508/1030745/CozyDuke, 2015. Accessed Date 11 January 2017.
57. F-Secure Labs Security Response, BLACKENERGY & QUEDAGH. [Online]; Available from: https://www.f-secure.com/documents/996508/1030745/blackenergy_whitepaper.pdf, 2014. Accessed Date 27 January 2017.
58. F-Secure Labs Security Response, COSMICDUKE – Cosmu with a twist of MiniDuke. [Online]; Available from: https://www.f-secure.com/documents/996508/1030745/cosmicduke_whitepaper.pdf, 2014. Accessed Date 11 January 2017.
59. F-Secure Labs Threat Intelligence, THE DUKES - 7 years of Russian cyberespionage. September; [Online]; Available from: https://www.f-secure.com/documents/996508/1030745/dukes_whitepaper.pdf, 2015. Accessed Date 12 January 2017.
60. Fagerland, S., Systematic cyber attacks against Israeli and Palestinian targets going on for a year. November; [Online]; Available from: http://cyber-peace.org/wp-content/uploads/2014/01/Cyberattack_against_Israeli_and_Palestinian_targets.pdf, 2012. Accessed Date 11 January 2017.
61. Falcone, R., Lee, B., New sofacy attacks against US government agency. PaloAlto Networks, 14 June; [Online]; Available from: https://www.paloaltonetworks.com/apps/pan/public/downloadResource?pagePath=/content/pan/en_US/resources/research/unit42-operation-lotus-blossom, 2016. Accessed Date 12 January 2017.
62. Falcone, R., Grunzweig, J., Miller-Osborn, J., Olson, R., Operation lotus blossom. [Online]; Available from: https://www.paloaltonetworks.com/apps/pan/public/downloadResource?pagePath=/content/pan/en_US/resources/research/unit42-operation-lotus-blossomath%3D%2Fcontent%2Fpan%2Fen_US%2Fresource, 2015. Accessed Date 11 January 2017.
63. Falliere, N., Murchu, L.O., Chien, E., W32.Stuxnet Dossier version 1.4. Symantec Security Response, 2011.
64. FBI National Press Office, Update on Sony investigation. United States Government, 19 December; [Online]; Available from: https://www.fbi.gov/news/pressrel/press-releases/update-on-sony-investigation, 2014. Accessed Date 11 January 2017.
65. Federal Bureau of Investigations, FBI liaison alert system #A-000049-MW. February; [Online]; Available from: http://krebsonsecurity.com/wp-content/uploads/2015/02/FBI-Flash-Warning-Deep-Panda.pdf, 2015. Accessed Date 11 January 2017.
66. Fire Eye Threat Intelligence, HAMMERTOSS: stealthy tactics define a Russian cyber threat group. July; [Online]; Available from: https://www2.fireeye.com/rs/848-DID-242/images/rpt-apt29-hammertoss.pdf, 2015. Accessed Date 12 January 2017.
67. FireEye, APT28: a window Inot Russia's Cyber espionage operations?. FireEye, October; [Online]; Available from: http://www2.fireeye.com/rs/fireye/images/rpt-apt28.pdf, 2014. Accessed Date 12 January 2017.
68. FireEye Labs / FireEye Threat Intelligence, Hiding in plain sight: FireEye and Microsoft expose obfuscation tactic. FireEye, Milpitas, CA, 2015.
69. FireEye Labs / FireEye Threat Intelligence, APT30 AND THE MECHANICS OF A LONG-RUNNING CYBER ESPIONAGE OPERATION – how a cyber threat group exploited governments and commercial entities across Southeast Asia and India for over a decade. FireEye, 2015.
70. FireEye Threat Intelligence, PINPOINTING TARGETS: exploiting web analytics to Ensnare victims. November; [Online]; Available from: https://www2.fireeye.com/rs/848-DID-242/images/rpt-witchcoven.pdf, 2015. Accessed Date 12 January 2017.
71. Fisher, D., Energy watering hole attack used lightsout exploit kit. Threatpost, 13 March; [Online]; Available from: https://threatpost.com/energy-watering-hole-attack-used-lightsout-exploit-kit/104772/, 2014. Accessed Date 11 January 2017.
72. Gallagher, S., Iranians hacked Navy network for four months? Not a surprise. Ars Technica, 19 February; [Online]; Available from: https://arstechnica.com/information-technology/2014/02/iranians-hacked-navy-network-for-4-months-not-a-surprise/, 2014. Accessed Date 2 February 2017.
73. GData, Uroburos highly complex espionage software with Russian roots. February; [Online]; Available from: https://public.gdatasoftware.com/Web/Content/INT/Blog/2014/02_2014/documents/GData_Uroburos_RedPaper_EN_v1.pdf, 2014. Accessed Date 12 January 2017.
74. Global Research & Analysis Team, miniFlame aka SPE: “Elvis and his friends”. Kaspersky, 15 October; [Online]; Available from: https://securelist.com/analysis/publications/68560/miniflame-aka-spe-elvis-and-his-friends/, 2012. Accessed Date 1 February 2017.
75. Global Research and Analysis Team, The NetTraveler (aka ‘Travnet’). April; [Online]; Available from: https://kasperskycontenthub.com/wp-content/uploads/sites/43/vlpdfs/kaspersky-the-net-traveler-part1-final.pdf, 2011. Accessed Date 11 January 2017.
76. Global Research and Analysis Team, “Red October” diplomatic cyber attacks investigation. Kaspersky, 14 January; [Online]; Available from: https://securelist.com/analysis/publications/36740/red-october-diplomatic-cyber-attacks-investigation/, 2013. Accessed Date 4 February 2017.
77. Global Research and Analysis Team, The “Red October” campaign – an advanced cyber espionage network targeting diplomatic and government agencies. Kaspersky, 14 January; [Online]; Available from: https://securelist.com/blog/incidents/57647/the-red-october-campaign/, 2013. Accessed Date 4 February 2017.
78. Global Research and Analysis Team Kasperky Labs, The PROJECTSAURON APT. 9 August; [Online]; Available from: https://securelist.com/files/2016/07/The-ProjectSauron-APT_research_KL.pdf, 2016. Accessed Date 11 January 2017.
79. Goodin, D., How “omnipotent” hackers tied to NSA hid for 14 years – and were found at last. Ars Technica, 16 February; [Online]; Available from: https://arstechnica.com/security/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/, 2015. Accessed Date 1 February 2017.
80. Gostev, A., The Flame: questions and answers. Kaspersky, 28 May; [Online]; Available from: https://securelist.com/blog/incidents/34344/the-flame-questions-and-answers-51/, 2012. Accessed Date 1 February 2017.
81. Gostev, A., Flame: bunny, frog, munch and beetlejuice. Kaspersky, 30 May; [Online]; Available from: https://securelist.com/blog/incidents/32855/flame-bunny-frog-munch-and-beetlejuice-2/, 2012. Accessed Date 1 February 2017.
82. Gostev, A., ‘Gadget’ in the middle: Flame malware spreading vector identified. Kaspersky, 4 June; [Online]; Available from: https://securelist.com/blog/incidents/33081/gadget-in-the-middle-flame-malware-spreading-vector-identified-22/, 2012. Accessed Date 1 February 2017.
83. Gostev, A., Back to Stuxnet: the missing link. Kaspersky, 11 June; [Online]; Available from: https://securelist.com/blog/incidents/33174/back-to-stuxnet-the-missing-link-64/, 2012. Accessed Date 1 February 2017.
84. Gostev, A., The roof is on fire: tackling flame's C&C servers. Kaspersky, 4 June; [Online]; Available from: https://securelist.com/blog/incidents/33033/the-roof-is-on-fire-tackling-flames-cc-servers-6/, 2012. Accessed Date 1 February 2017.
85. Gostev, A., Soumenkov, I., Stuxnet/Duqu: the evolution of drivers. Kaspersky, 28 December; [Online]; Available from: https://securelist.com/analysis/publications/36462/stuxnetduqu-the-evolution-of-drivers/, 2011. Accessed Date 1 February 2017.
86. GovCERT.ch, APT case RUAG technical report. 23 May; [Online]; Available from: https://www.melani.admin.ch/dam/melani/de/dokumente/2016/technical%20report%20ruag.pdf.download.pdf/Report_Ruag-Espionage-Case.pdf, 2016. Accessed Date 12 January 2017.
87. Gross, J., C. S. team. Operation dust storm. February; [Online]; Available from: https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2016/2016.02.23.Operation_Dust_Storm/Op_Dust_Storm_Report.pdf, 2016. Accessed Date 11 January 2017.
88. Gross, J., Walter, J., Puttering into the Future…. Cylance, 12 January; [Online]; Available from: https://blog.cylance.com/puttering-into-the-future, 2016. Accessed Date 24 January 2017.
89. Grunzweig, J., Unit 42 technical analysis: Seaduke. PaloAlto Networks, 14 July; [Online]; Available from: http://researchcenter.paloaltonetworks.com/2015/07/unit-42-technical-analysis-seaduke/, 2015. Accessed Date 12 January 2017.
90. Hentunen, D., Tikkanen, A., Havex hunts for ICS/SCADA systems. F-Secure Labs, 23 June; [Online]; Available from: https://www.f-secure.com/weblog/archives/00002718.html, 2014. Accessed Date 11 January 2017.
91. Hern, A., Ukrainian blackout caused by hackers that attacked media company, researchers say. The Guardian, 7 January; [Online]; Available from: http://www.theguardian.com/technology/2016/jan/07/ukrainian-blackout-hackers-attacked-media-company, 2016. Accessed Date 21 January 2016.
92. Hjelmvik, E., Full disclosure of Havex Trojans. NetResSec, 27 October; [Online]; Available from: http://www.netresec.com/?page=Blog&month=2014-10&post=Full-Disclosure-of-Havex-Trojans, 2014. Accessed Date 11 January 2017.
93. Hoglund, G., Inside an APT covert communications channel. Fast Horizon, 16 August; [Online]; Available from: http://fasthorizon.blogspot.ca/2011/08/inside-apt-comment-crew-covert.html, 2011. Accessed Date 11 January 2017.
94. Huss, D., Operation transparent tribe. March; [Online]; Available from: https://www.proofpoint.com/sites/default/files/proofpoint-operation-transparent-tribe-threat-insight-en.pdf, 2016. Accessed Date 11 January 2017.
95. Jiang, G., Caselden, D., Winters, R., The EPS awakens. FireEye Threat Research, 16 December; [Online]; Available from: https://www.fireeye.com/blog/threat-research/2015/12/the_eps_awakens.html, 2015. Accessed Date 11 January 2017.
96. Karspersky Labs, The Duqu 2.0 technical details. 11 June; [Online]; Available from: https://securelist.com/files/2015/06/The_Mystery_of_Duqu_2_0_a_sophisticated_cyberespionage_actor_returns.pdf, 2015. Accessed Date 11 January 2017.
97. Kaspersky labs, Unveiling “Careto” - the masked APT. February; [Online]; Available from: https://kasperskycontenthub.com/wp-content/uploads/sites/43/vlpdfs/unveilingthemask_v1.0.pdf, 2014. Accessed Date 11 January 2017.
98. Kaspersky labs, Equation group: questions and answers. February; [Online]; Available from: https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf, 2015. Accessed Date 11 January 2017.
99. Kaspersky Lab, The regin platform – Nation-State Ownage of GSM Networks. 24 November; [Online]; Available from: https://cdn.securelist.com/files/2014/11/Kaspersky_Lab_whitepaper_Regin_platform_eng.pdf, 2014. Accessed Date 11 January 2017.
100. Kaspersky Lab Global Research and Analysis, Gauss: abnormal distribution. June; [Online]; Available from: https://kasperskycontenthub.com/wp-content/uploads/sites/43/vlpdfs/kaspersky-lab-gauss.pdf, 2012. Accessed Date 1 January 2017.
101. Kaspersky Lab Global Research and Analysis Team, Energetic bear – crouching yeti. July; [Online]; Available from: https://securelist.com/files/2014/07/EB-YetiJuly2014-Public.pdf, 2014. Accessed Date 12 January 2017.
102. Kaspersky Labs, The desert falcons targeted attacks. February; [Online]; Available from: https://securelist.com/files/2015/02/The-Desert-Falcons-targeted-attacks.pdf, 2015. Accessed Date 11 January 2017.
103. Kaspersky Lab's Global Research & Analysis Team, Full analysis of flame's command & control servers. Kaspersky, 17 September; [Online]; Available from: https://securelist.com/blog/incidents/34216/full-analysis-of-flames-command-control-servers-27/, 2012. Accessed Date 1 February 2017.
104. Kaspersky Lab's Global Research & Analysis Team, The epic turla operation. Kaspersky, 7 August; [Online]; Available from: https://securelist.com/analysis/publications/65545/the-epic-turla-operation/, 2014. Accessed Date 12 January 2017.
105. Kaspersky Lab's Global Research & Analysis Team, Sofacy APT hits high profile targets with updated toolset. Kaspersky, 4 December; [Online]; Available from: https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-with-updated-toolset/, 2015. Accessed Date 12 January 2017.
106. Kaspersky Lab's Global Research & Analysis Team, Animals in the APT farm. Kaspersky Labs, 6 March; [Online]; Available from: https://securelist.com/blog/research/69114/animals-in-the-apt-farm/, 2015. Accessed Date 11 January 2017.
107. Kaspersky Lab's Global Research & Analysis Team, CVE-2015-2545: overview of current threats. Kaspersky Labs, 25 May; [Online]; Available from: https://securelist.com/analysis/publications/74828/cve-2015-2545-overview-of-current-threats/, 2016. Accessed Date 11 January 2017.
108. Kasza, A., Idrizovic, E., Houdini's magic reappearance. Palo Alto Networks, 25 October; [Online]; Available from: http://researchcenter.paloaltonetworks.com/2016/10/unit42-houdinis-magic-reappearance/, 2016. Accessed Date 3 February 2017.
109. KASPERSKY LAB ZAO, The ‘Icefog’ APT: a tale of cloak and three daggers. September; [Online]; Available from: https://kasperskycontenthub.com/wp-content/uploads/sites/43/vlpdfs/icefog.pdf, 2013. Accessed Date 11 January 2017.
110. Kharouni, L., Hacquebord, F., Huq, N., Gogolinski, J., Mercês, F., Remorin, A., et al. Operation pawn storm using decoys to evade detection. October; [Online]; Available from: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-operation-pawn-storm.pdf, 2014. Accessed Date 12 January 2017.
111. Kochetkova, K., What is known about the Lazarus Group: Sony hack, military espionage, attacks on Korean banks and other crimes. Kaspersky Lab, 24 February; [Online]; Available from: https://blog.kaspersky.com/operation-blockbuster/11407/, 2016. Accessed Date 11 January 2017.
112. Krebs, B., Anthem breach may have started in April 2014. Krebs on Security, 15 February; [Online]; Available from: https://krebsonsecurity.com/2015/02/anthem-breach-may-have-started-in-april-2014/, 2015. Accessed Date 11 January 2017.
113. Krebs, B., Russian ‘Dukes’ of hackers pounce on trump win. Krebs On Security, 16 November; [Online]; Available from: https://krebsonsecurity.com/2016/11/russian-dukes-of-hackers-pounce-on-trump-win/, 2016. Accessed Date 12 January 2017.
114. Laboratory of Cryptography and System Security (CrySyS Lab), sKyWIper (a.k.a. Flame a.k.a. Flamer): A complex malware for targeted attacks v1.05. 31 May; [Online]; Available from: https://www.crysys.hu/skywiper/skywiper.pdf, 2012. Accessed Date 11 January 2017.
115. Lancaster, T., A tale of pirpi, scanbox & CVE-2015-3113. PwC, 23 July; [Online]; Available from: http://pwc.blogs.com/cyber_security_updates/2015/07/pirpi-scanbox.html, 2015. Accessed Date 11 January 2017.
116. Langner, R., To kill a centrifuge a technical analysis of what stuxnet's creators tried to achieve. November; [Online]; Available from: http://www.langner.com/en/wp-content/uploads/2013/11/To-kill-a-centrifuge.pdf, 2013. Accessed Date 11 January 2017.
117. Lee, B., Falcone, R., APT group UPS targets US government with hacking team flash exploit. PaloAlto, 10 July; [Online]; Available from: http://researchcenter.paloaltonetworks.com/2015/07/apt-group-ups-targets-us-government-with-hacking-team-flash-exploit/, 2015. Accessed Date 11 January 2017.
118. Lee, M., Lewis, D., Clustering disparate attacks: mapping the activities of the advanced persistent threat. In Virus Bulletin Conference, Barcelona, 2011.
119. Lelli, A., The Trojan. Hydraq incident: analysis of the Aurora 0-day exploit. Symantec, 21 January; [Online]; Available from: https://www.symantec.com/connect/blogs/trojanhydraq-incident-analysis-aurora-0-day-exploit, 2010. Accessed Date 11 January 2017.
120. Levene, B., Falcone, R., Wartell, R., Tracking MiniDionis: CozyCar's new ride is related to Seaduke. PaloAlto Networks, 14 July; [Online]; Available from: researchcenter.paloaltonetworks.com/2015/07/tracking-minidionis-cozycars-new-ride-is-related-to-seaduke/, 2015. Accessed Date 12 January 2017.
121. Li, F., Lai, A., Ddl, D., Evidence of advanced persistent threat:a case study of malware for political espionage. In 2011 6th International Conference on Malicious and Unwanted Software, Farjado, Porto Rico, 2011.
122. Lipovsky, R., CVE-2014-4114: details on August BlackEnergy PowerPoint campaigns. ESET, 14 October; [Online]; Available from: http://www.welivesecurity.com/2014/10/14/cve-2014-4114-details-august-blackenergy-powerpoint-campaigns/, 2014. Accessed Date 27 January 2017.
123. Lipovsky, R., Back in BlackEnergy *: 2014 targeted attacks in Ukraine and Poland. ESET, 22 September; [Online]; Available from: http://www.welivesecurity.com/2014/09/22/back-in-blackenergy-2014/, 2014. Accessed Date 27 January 2017.
124. Lipovsky, R., Cherepanov, A., Last-minute paper: Back in BlackEnergy: 2014 targeted attacks in the Ukraine and Poland. In Virus Bulletin, Seattle, 2014.
125. Mandiant, APT1 - exposing one of China's cyber espionage units. February; [Online]; Available from: http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf, 2013. Accessed Date 8 August 2013.
126. Marschalek, M., EvilBunny: malware instrumented By Lua. Cyphort, 16 December; [Online]; Available from: https://www.cyphort.com/evilbunny-malware-instrumented-lua/, 2014. Accessed Date 11 January 2017.
127. Marschalek, M., Babar: suspected nation state spyware in the spotlight. Cyphort, 18 February; [Online]; Available from: https://www.cyphort.com/babar-suspected-nation-state-spyware-spotlight/, 2015. Accessed Date 11 January 2017.
128. McAfee Foundstone Professional Services, McAfee Labs, Global energy cyberattacks: “Night Dragon”. 10 February; [Online]; Available from: http://www.mcafee.com/ca/resources/white-papers/wp-global-energy-cyberattacks-night-dragon.pdf, 2011. Accessed Date 11 January 2017.
129. McAfee Labs, Careto attack – the mask. 12 February; [Online]; Available from: https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/25000/PD25037/en_US/McAfee_Labs_Threat_Advisory_Careto_Attack_The%20Mask_3.pdf, 2014. Accessed Date 11 January 2017.
130. Meyers, A., Whois Clever Kitten. Crowdstrike, 4 April; [Online]; Available from: https://www.crowdstrike.com/blog/whois-clever-kitten/, 2013. Accessed Date 11 January 2017.
131. Microsoft, Microsoft security intelligence report volume 19 | January through June, 2015. [Online]; Available from: http://download.microsoft.com/download/4/4/C/44CDEF0E-7924-4787-A56A-16261691ACE3/Microsoft_Security_Intelligence_Report_Volume_19_A_Profile_Of_A_Persistent_Adversary_English.pdf, 2015. Accessed Date 12 January 2017.
132. Minerva Labs LTD and ClearSky Cyber Security, CopyKittens attack group. 23 November; [Online]; Available from: https://s3-eu-west-1.amazonaws.com/minervaresearchpublic/CopyKittens/CopyKittens.pdf, 2015. Accessed Date 11 January 2017.
133. Monnappa, 2nd meetup – reversing and decrypting the communications of APT malware. CYSINFO, 7 July; [Online]; Available from: https://cysinfo.com/sx-2nd-meetup-reversing-and-decrypting-the-communications-of-apt-malware/, 2016. Accessed Date 11 January 2017.
134. Moran, N., Oppenheim, M., Darwin's favorite APT group. FireEye, 3 September; [Online]; Available from: https://www.fireeye.com/blog/threat-research/2014/09/darwins-favorite-apt-group-2.html, 2014. Accessed Date 11 January 2017.
135. Moran, N., Homan, J., Scott, M., Operation poisoned hurricane. FireEye, 6 August; [Online]; Available from: https://www.fireeye.com/blog/threat-research/2014/08/operation-poisoned-hurricane.html, 2014. Accessed Date 11 January 2017.
136. Moran, N., Scott, M., Oppenheim, M., Homan, J., Operation double tap. FireEye, 21 November; [Online]; Available from: https://www.fireeye.com/blog/threat-research/2014/11/operation_doubletap.html, 2014. Accessed Date 11 January 2017.
137. Mushtaq, A., More on the IE 0-day – Hupigon joins the party. FireEye, 4 November; [Online]; Available from: https://www.fireeye.com/blog/threat-research/2010/11/ie-0-day-hupigon-joins-the-party.html, 2010. Accessed Date 11 January 2017.
138. Myers, J., Wolves among us: abusing trusted providers for malware operations. RSA, 18 May; [Online]; Available from: https://blogs.rsa.com/wolves-among-us-abusing-trusted-providers-malware-operations/, 2015. Accessed Date 11 January 2017.
139. Nakashima, E., Miller, G., Tate, J., U.S., Israel developed Flame computer virus to slow Iranian nuclear efforts, officials say. Washington Post, 19 june 2012; [Online]; Available from: https://www.washingtonpost.com/world/national-security/us-israel-developed-computer-virus-to-slow-iranian-nuclear-efforts-officials-say/2012/06/19/gJQA6xBPoV_story.html?utm_term=.3a60888d2377. Accessed Date 1 February 2017.
140. Narang, S., Backdoor. Barkiofork targets aerospace and defense industry. Symantec, 30 January; [Online]; Available from: https://www.symantec.com/connect/blogs/backdoorbarkiofork-targets-aerospace-and-defense-industry, 2013. Accessed Date 11 January 2017.
141. NH, Hat-tribution to PLA unit 61486. Crowdstrike, 9 June; [Online]; Available from: https://www.crowdstrike.com/blog/hat-tribution-pla-unit-61486/, 2014. Accessed Date 11 January 2017.
142. Novetta, Operation SMN: axiom threat actor group report 公理队. October; [Online]; Available from: http://www.novetta.com/wp-content/uploads/2014/11/Executive_Summary-Final_1.pdf, 2014. Accessed Date 11 January 2017.
143. O'Gorman, G., McDonald, G., The Elderwood Project. [Online]; Available from: http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-elderwood-project.pdf, 2012. Accessed Date 11 January 2017.
144. Parys, B., MoleRats: there's more to the naked eye. PwC, 21 November; [Online]; Available from: http://pwc.blogs.com/cyber_security_updates/2016/11/molerats-theres-more-to-the-naked-eye.html, 2016. Accessed Date 11 January 2017.
145. Pernet, C., Lu, K., Operation WOOLEN-GOLDFISH. 18 March; [Online]; Available from: https://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-operation-woolen-goldfish.pdf, 2015. Accessed Date 11 January 2017.
146. Pernet, C., Sela, E., The spy kittens are back: Rocket Kitten 2. September; [Online]; Available from: https://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-the-spy-kittens-are-back.pdf, 2015. Accessed Date 11 January 2017.
147. PwC, Cyber threat operations tactical intelligence bulletin ScanBox II. 24 February; [Online]; Available from: http://pwc.blogs.com/files/cto-tib-20150223-01a.pdf, 2015. Accessed Date 11 January 2017.
148. Raiu, C., NetTraveler is back: the ‘Red Star’ APT returns with new tricks. Kaspersky Labs, 3 September; [Online]; Available from: https://securelist.com/blog/incidents/57455/nettraveler-is-back-the-red-star-apt-returns-with-new-tricks/, 2013. Accessed Date 11 January 2017.
149. Raiu, C., Baumgartner, K., The ‘Penquin’ turla a turla/snake/uroburos malware for Linux. Kaspersky, 8 December; [Online]; Available from: https://securelist.com/blog/research/67962/the-penquin-turla-2/, 2014. Accessed Date 12 January 2017.
150. Raiu, C., Golovkin, M., The chronicles of the Hellsing APT: the empire strikes back. Kaspersky, 15 April; [Online]; Available from: https://securelist.com/analysis/publications/69567/the-chronicles-of-the-hellsing-apt-the-empire-strikes-back/, 2015. Accessed Date 11 January 2017.
151. Raiu, C., Soumenkov, I., Comparing the Regin module 50251 and the “Qwerty” keylogger. Kaspersky, 27 January; [Online]; Available from: https://securelist.com/blog/research/68525/comparing-the-regin-module-50251-and-the-qwerty-keylogger/, 2015. Accessed Date 1 February 2017.
152. Raiu, C., Soumenkov, I., Baumgartner, K., Kamluk, V., G. R. a. A. Team. The MiniDuke mystery: PDF 0-day government spy assembler 0x29A micro backdoor. February; [Online]; Available from: https://kasperskycontenthub.com/wp-content/uploads/sites/43/vlpdfs/themysteryofthepdf0-dayassemblermicrobackdoor.pdf, 2013. Accessed Date 12 January 2017.
153. Raiu, C., Soumenkov, I., Kamluk, V., The Icefog APT hits US targets with Java backdoor. Kaspersky Labs, 14 January; [Online]; Available from: https://securelist.com/blog/incidents/58209/the-icefog-apt-hits-us-targets-with-java-backdoor/, 2014. Accessed Date 11 January 2017.
154. Raiu, C. K. L. G. R. &. A. Team, Guerrero-Saade, J.A., Operation Blockbuster revealed. Kaspersky, 24 February; [Online]; Available from: https://securelist.com/blog/incidents/73914/operation-blockbuster-revealed/, 2016. Accessed Date 11 January 2017.
155. Rascagnères, P., Babar: espionage software finally found and put under the microscope. G Data, 18 February; [Online]; Available from: https://blog.gdatasoftware.com/2015/02/24270-babar-espionage-software-finally-found-and-put-under-the-microscope, 2015. Accessed Date 11 January 2017.
156. RiskBased Security, A breakdown and analysis of the December, 2014 Sony Hack. RiskBased Security, 5 December; [Online]; Available from: https://www.riskbasedsecurity.com/2014/12/a-breakdown-and-analysis-of-the-december-2014-sony-hack/, 2014. Accessed Date 11 January 2017.
157. RSA Incident Response, RSA incident response: emerging threat profile shell_crew. January; [Online]; Available from: https://www.emc.com/collateral/white-papers/h12756-wp-shell-crew.pdf, 2014. Accessed Date 11 January 2017.
158. RSA Research, TERRACOTTA VPN – enabler of advanced threat anonymity. 4 August; [Online]; Available from: https://blogs.rsa.com/wp-content/uploads/2015/08/Terracotta-VPN-Report-Final-8-3.pdf, 2015. Accessed Date 11 January 2017.
159. Sancho, D., dela Torre, J., Bakuei, M., Villeneuve, N., McArdle, R., IXESHE – an APT campaign. [Online]; Available from: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_ixeshe.pdf, 2012. Accessed Date 11 January 2017.
160. Sanger, D.E., Obama order sped up wave of cyberattacks against Iran. New York Times, 1 June; [Online]; Available from: http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?pagewanted=all, 2012. Accessed Date 8 August 2013.
161. Santos, O., The shadow brokers EPICBANANA and EXTRABACON exploits. Cisco, 21 September; [Online]; Available from: https://blogs.cisco.com/security/shadow-brokers, 2016. Accessed Date 11 January 2017.
162. Schworer, A., Liburdi, J., Storm chasing: hunting Hurricane Panda. Crowdstrike, 26 January; [Online]; Available from: https://www.crowdstrike.com/blog/storm-chasing/, 2015. Accessed Date 11 January 2017.
163. Scott, J., Spaniel, D., ICIT briefing: China's espionage dynasty. Institute for Critical Infrastructure Technology, Washington, D.C. 2016.
164. Scott, M., Clandestine fox, Part deux. FireEye, 10 June; [Online]; Available from: https://www.fireeye.com/blog/threat-research/2014/06/clandestine-fox-part-deux.html, 2014. Accessed Date 19 January 2017.
165. Scott-Railton, J., Kleemola, K., London calling: two-factor authentication phishing from Iran. Citizenlab, 27 August; [Online]; Available from: https://citizenlab.org/2015/08/iran_two_factor_phishing/, 2015. Accessed Date 11 January 2017.
166. Security Response, The Waterbug attack group. 14 January; [Online]; Available from: https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/waterbug-attack-group.pdf, 2016. Accessed Date 12 January 2017.
167. Selvaraj, K., Hydraq (Aurora) attackers back?. Symantec, 13 September; [Online]; Available from: https://www.symantec.com/connect/blogs/hydraq-aurora-attackers-back, 2010. Accessed Date 11 January 2017.
168. Sherstobitoff, R., Liba, I., Walter, J., Dissecting Operation Troy: cyberespionage in South Korea. July; [Online]; Available from: http://www.mcafee.com/ca/resources/white-papers/wp-dissecting-operation-troy.pdf, 2013. Accessed Date 11 January 2017.
169. Simonite, T., Chinese hacking team caught taking over decoy water plant. 2 August; [Online]; Available from: http://www.technologyreview.com/news/517786/chinese-hacking-team-caught-taking-over-decoy-water-plant/, 2013. Accessed Date 10 October 2013.
170. Symantec Security Response, Hydraq – an attack of mythical proportions. Symantec, 15 January; [Online]; Available from: https://www.symantec.com/connect/blogs/hydraq-attack-mythical-proportions, 2010. Accessed Date 11 January 2017.
171. Symantec Security Response, W32.Duqu the precursor to the next Stuxnet. 23 November; [Online]; Available from: https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf, 2011. Accessed Date 11 January 2017.
172. Symantec Security Response, Flamer: highly sophisticated and discreet threat targets the Middle East. Symantec, 28 May; [Online]; Available from: http://www.symantec.com/connect/blogs/flamer-highly-sophisticated-and-discreet-threat-targets-middle-east, 2012. Accessed Date 1 February 2017.
173. Symantec Security Response, Dragonfly: cyberespionage attacks against energy suppliers. 7 July; [Online]; Available from: https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/Dragonfly_Threat_Against_Western_Energy_Suppliers.pdf, 2014. Accessed Date 12 January 2017.
174. Symantec Security Response, Sandworm Windows zero-day vulnerability being actively exploited in targeted attacks. Symantec, 14 October; [Online]; Available from: https://www.symantec.com/connect/blogs/sandworm-windows-zero-day-vulnerability-being-actively-exploited-targeted-attacks, 2014. Accessed Date 12 January 2017.
175. Symantec Security Response, “Forkmeiamfamous”: Seaduke, latest weapon in the Duke armory. Symantec, 13 July; [Online]; Available from: https://www.symantec.com/connect/blogs/forkmeiamfamous-seaduke-latest-weapon-duke-armory, 2015. Accessed Date 12 January 2017.
176. Symantec Security Response, Regin: Top-tier espionage tool enables stealthy surveillance. 27 August; [Online]; Available from: https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/regin-top-tier-espionage-tool-15-en.pdf, 2015. Accessed Date 11 January 2017.
177. Symantec Security Response, Buckeye cyberespionage group shifts gaze from US to Hong Kong. Symantec, 6 September; [Online]; Available from: https://www.symantec.com/connect/blogs/buckeye-cyberespionage-group-shifts-gaze-us-hong-kong, 2016. Accessed Date 11 January 2017.
178. Symantec Security Response, Strider: Cyberespionage group turns eye of Sauron on targets. Symantec, 7 August; [Online]; Available from: https://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets, 2016. Accessed Date 11 January 2017.
179. Tanase, S., Satellite turla: APT command and control in the sky. Kaspersky, 9 September; [Online]; Available from: https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-control-in-the-sky/, 2015. Accessed Date 12 January 2017.
180. Tarakanov, D., The “Kimsuky” Operation: a North Korean APT?. 11 September; [Online]; Available from: https://securelist.com/analysis/publications/57915/the-kimsuky-operation-a-north-korean-apt/, 2013. Accessed Date 11 January 2017.
181. ThreatConnect Research Team, The anthem hack: all roads lead to China. ThreatConnect, 27 February; [Online]; Available from: https://www.threatconnect.com/the-anthem-hack-all-roads-lead-to-china/, 2015. Accessed Date 11 January 2017.
182. Trend Micro Threat Research Team, Operation arid viper. 16 February; [Online]; Available from: http://www.trendmicro.es/media/wp/operation-arid-viper-whitepaper-en.pdf, 2015. Accessed Date 11 January 2017.
183. TrendMicro. When big fish bite: operation arid viper and advtravel discovered by trend micro. TrendMicro, 15 March 2015. [Online].
184. U.S. Department of Justice (DoJ), U.S. charges five Chinese military hackers with cyber espionage against U.S. corporations and a labor organization for commercial advantage. Federal Bureau of Investigation, 19 May; [Online]; Available from: https://www.fbi.gov/contact-us/field-offices/pittsburgh/news/press-releases/u.s.-charges-five-chinese-military-hackers-with-cyber-espionage-against-u.s.-corporations-and-a-labor-organization-for-commercial-advantage, 2014. Accessed Date 18 January 2017.
185. Varma, R., McAfee Labs: combating Aurora. [Online]; Available from: https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2010/Combating%20Threats%20-%20Operation%20Aurora.pdf, 2010. Accessed Date 11 January 2017.
186. Villeneuve, N., Haq, T., Moran, N., Operation Molerats: Middle East cyber attacks using poison ivy. FireEye, 23 August; [Online]; Available from: https://www.fireeye.com/blog/threat-research/2013/08/operation-molerats-middle-east-cyber-attacks-using-poison-ivy.html, 2013. Accessed Date 11 January 2017.
187. Villeneuve, N., Moran, N., Haq, T., Scott, M., Operation Saffron rose. May; [Online]; Available from: https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-operation-saffron-rose.pdf, 2014. Accessed Date 11 January 2017.
188. Villeneuve, N., Bennett, J.T., Moran, N., Haq, T., Scott, M., Geers, K., Operation “KE3CHANG”: targeted attacks against ministries of foreign affairs. [Online]; Available from: https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-operation-ke3chang.pdf, 2014. Accessed Date 11 January 2017.
189. Weedon, J., Beyond ‘Cyber War’: Russia's use of strategic cyber espionage and information operations in Ukraine. Cyber war in perspective: Russian aggression against Ukraine, 2015, NATO CCD COE Publications, Talinn, 67–77.
190. Wilhoit, K., The SCADA that didn't cry wolf – who's really attacking your ICS equipment? (part 2). [Online]; Available from: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-the-scada-that-didnt-cry-wolf.pdf, 2013. Accessed Date 11 January 2017.
191. Wilhoit, K., Havex, it's down with OPC. FireEye, 17 July; [Online]; Available from: https://www.fireeye.com/blog/threat-research/2014/07/havex-its-down-with-opc.html, 2014. Accessed Date 11 January 2017.
192. Windows Defender Advanced Threat Hunting Team, PLATINUM Targeted attacks in South and Southeast Asia. [Online]; Available from: https://download.microsoft.com/download/2/2/5/225BFE3E-E1DE-4F5B-A77B-71200928D209/Platinum%20feature%20article%20-%20Targeted%20attacks%20in%20South%20and%20Southeast%20Asia%20April%202016.pdf, 2016. Accessed Date 11 January 2017.
193. Winters, R., The EPS awakens – part 2. FireEye Threat Intelligence, 15 December; [Online]; Available from: https://www.fireeye.com/blog/threat-research/2015/12/the-eps-awakens-part-two.html, 2015. Accessed Date 11 January 2017.
194. Yates, M., Scott, M., Levene, B., Miller-Osborn, J., Keigher, T., Operation Ke3chang resurfaces with new TidePool malware. PaloAlto, 22 May; [Online]; Available from: http://researchcenter.paloaltonetworks.com/2016/05/operation-ke3chang-resurfaces-with-new-tidepool-malware/, 2016. Accessed Date 11 January 2017.
195. Zetter, K., The NSA acknowledges what we all feared: Iran learns from US cyberattacks. Wired, 10 February; [Online]; Available from: https://www.wired.com/2015/02/nsa-acknowledges-feared-iran-learns-us-cyberattacks/, 2015. Accessed Date 1 February 2017.