In recent years, we have witnessed a surge in the growth of technically sophisticated Advanced Persistent Threat (APT) attacks and their impact on industry, governance, and democracy. APT attacks are characterized by long-running complex attack chains that utilize heterogeneous files and sophisticated tactics, techniques, and procedures (TTPs). One of the most critical questions in this context is identifying the threat group behind the attack, which is known as APT attribution. Group attribution is helpful for defenders as it helps them prioritize their response and remediation efforts. In this talk, we introduce ADAPT, a static machine learning-based approach to APT attribution, which automates and standardizes the attribution process across heterogeneous file types. We present the findings and insights obtained from applying ADAPT to a newly crafted APT dataset consisting of 5,989 real-world APT samples from approximately 162 threat groups, spanning from May 2006 to October 2021.
Aakanksha is a second-year doctoral student at TU Wien's Security and Privacy Research Unit. Before joining TU Wien, Aakanksha earned her Master's degree in Computer Science at the University of Utah, focusing on Cybersecurity. Following that, she worked as a Security Software Engineer at Microsoft, Redmond, USA. While at Microsoft, Aakanksha often engaged in purple-team activities in which the team reverse-engineered malware binaries and emulated external adversaries (APT groups), such as APT29 and Fin7, to improve security detection and response. That experience drew her to the research area of malware analysis and attribution of advanced adversary attacks.