Tracking Adversaries: Ghostwriter APT Infrastructure
Introduction to Infrastructure Pivoting

Pivoting on infrastructure is a handy skill for cyber threat intelligence (CTI) analysts to learn. It can help to reveal the bigger picture when it comes to malware, phishing, or network exploitation campaigns. Infrastructure pivoting is essentially the act of looking for more systems an adversary has created. The main benefit of this pursuit is the identification of additional targets or victims, more tools or malware samples, and ultimately new insights about the adversary’s capabilities.

If done correctly, being able to pivot on adversary infrastructure will be very useful during incident response (IR) engagements. For example, it may lead to being able to attribute the intrusion to a known adversary. This will help others during an IR engagement understand the level of threat posed to the victim organisation.

Receiving Threat Data

To be able to pivot on adversary infrastructure, threat data is needed, such as the intelligence shared ...