APT Group Hub
APT28 G0007
2 REVELARE Korean-language analyses covering this group · 93 techniques used · Aliases: IRON TWILIGHT, SNAKEMACKEREL, Swallowtail
Analyses covering this group
Key techniques used
- T1003 OS Credential Dumping
- T1005 Data from Local System
- T1014 Rootkit
- T1025 Data from Removable Media
- T1030 Data Transfer Size Limits
- T1036 Masquerading
- T1039 Data from Network Shared Drive
- T1040 Network Sniffing
- T1057 Process Discovery
- T1068 Exploitation for Privilege Escalation
- T1078 Valid Accounts
- T1083 File and Directory Discovery
- T1091 Replication Through Removable Media
- T1092 Communication Through Removable Media
- T1105 Ingress Tool Transfer
- T1110 Brute Force
- T1113 Screen Capture
- T1119 Automated Collection
- T1120 Peripheral Device Discovery
- T1133 External Remote Services
Official MITRE definition
[APT28](https://attack.mitre.org/groups/G0007) is a threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165.(Citation: NSA/FBI Drovorub August 2020)(Citation: Cybersecurity Advisory GRU Brute Force Campaign July 2021) This group has been active since at least 2004.(Citation: DOJ GRU Indictment Jul 2018)(Citation: Ars Technica GRU indictment Jul 2018)(Citation: Crowdstrike …