Individual Submission Summary

Poster #233 - Threat Profiling of APT Groups

Thu, Nov 13, 6:30 to 7:20pm, Marquis Salon 5 - M2

Abstract

State-sponsored Advanced Persistent Threat (APT) groups pose serious risks to cybersecurity and international stability through long-term, targeted attacks. This study analyzes 63 APT groups based on the MITRE ATT&CK framework, which categorizes adversary behavior across 14 tactical stages. We examine the use of techniques by each group and apply multivariate analysis to classify and visualize their threat characteristics. Principal Component Analysis reveals key dimensions such as overall capability, stealth vs. destructiveness, and intrusion preparedness. Cluster analysis identifies four APT group types—Zeus (highly capable), Hades (tactically specialized), Icarus (limited capabilities), and Apollo (balanced). Multidimensional Scaling (MDS) illustrates inter-group relationships in two-dimensional space, highlighting national characteristics: Chinese groups focus on espionage, Russian groups on advanced intrusion, Iranian groups on destructive acts, and North Korean groups on persistence. This framework offers a comprehensive, data-driven approach for comparing APT groups, supporting both academic research and practical cybersecurity defense planning.

Authors