Statements (108)
| Predicate | Object |
|---|---|
| gptkbp:instance_of |
gptkb:terrorism
|
| gptkbp:aims_to |
disrupt operations
maintain long-term access steal sensitive data |
| gptkbp:can_be |
state-sponsored
difficult to detect global in scope highly secretive highly organized highly sophisticated highly adaptive criminally motivated difficult to attribute multi-stage attacks persistent in nature targeted at specific industries |
| gptkbp:can_be_used_to |
publicly available information
remote access tools encrypted communication supply chain attacks malware-as-a-service data encryption techniques |
| gptkbp:can_involve |
data manipulation
social engineering zero-day exploits collaboration between groups physical security breaches malicious insiders |
| gptkbp:can_lead_to |
data breaches
financial loss regulatory penalties loss of customer trust reputational damage national security risks operational disruptions |
| gptkbp:characterized_by |
long-term targeted attacks
|
| https://www.w3.org/2000/01/rdf-schema#label |
advanced persistent threat
|
| gptkbp:includes |
data exfiltration
reconnaissance lateral movement initial compromise |
| gptkbp:involves |
multiple phases
reconnaissance phase command and control communication exploitation phase installation of malware multiple attack vectors |
| gptkbp:is_analyzed_in |
forensic investigators
cybersecurity researchers |
| gptkbp:is_associated_with |
APT groups
|
| gptkbp:is_countered_by |
intrusion detection systems
firewalls endpoint protection solutions advanced threat protection tools |
| gptkbp:is_documented_in |
security frameworks
cyber threat reports |
| gptkbp:is_monitored_by |
security analysts
threat hunting teams |
| gptkbp:is_often_used_in |
gptkb:virus
social engineering phishing attacks credential theft custom malware advanced evasion techniques |
| gptkbp:is_recognized_by |
indicators of compromise
TTPs (Tactics, Techniques, and Procedures) |
| gptkbp:is_related_to |
gptkb:Espionage
data theft ransomware attacks supply chain attacks |
| gptkbp:often_includes |
data exfiltration
network infiltration insider threats phishing campaigns lateral movement within networks post-exploitation activities |
| gptkbp:prevention |
data encryption
security audits threat intelligence employee training penetration testing network segmentation regular software updates cybersecurity measures incident response plans vulnerability assessments |
| gptkbp:reported_by |
government publications
industry reports security advisories |
| gptkbp:requires |
incident response planning
advanced skills security awareness training threat intelligence sharing continuous monitoring advanced technical skills |
| gptkbp:targets |
gptkb:financial_institutions
gptkb:intellectual_property corporate networks government organizations telecommunications companies healthcare organizations critical infrastructure energy sector |
| gptkbp:utilizes |
spear phishing
sophisticated techniques zero-day exploits |
| gptkbp:bfsParent |
gptkb:The_Dark_Army
|
| gptkbp:bfsLayer |
5
|