Inside the Mind of an APT
(On-Demand Module Overview)

This course provides the cornerstone to quickly upskill employees with knowledge and insights necessary to advise organizations on nation-state cyber threats.

Advanced Persistent Threat (APT Icon)

Course Overview

The Inside the Mind of an APT on-demand course is designed to explore how countries use cyber operations as a tool of statecraft to advance national-level priorities and in response to geopolitical drivers. Primarily focused on the “Big 4” cyber countries—China, Iran, North Korea, and Russia—the course will examine how, why, and against whom nation-states attack. These capabilities include:

  • Conducting cyber espionage
  • Destructive or disruptive cyber attacks
  • Cyber-enabled information operations

Insights gleaned from this course will allow students to improve their critical and lateral thinking ability to more swiftly respond to requests for information from leadership, hone forecasting skills, and fill knowledge gaps on nation-state cyber threat actors. It will also prepare organizations to proactively anticipate shifts in cyber threats and adjust their risk management and enterprise cyber security strategies accordingly.

Learning Objectives

After completing this course, learners should be able to:

  • Understand how governments use cyber operations as a tool of statecraft to support national-level priorities. 

  • Explain why governments use cyber espionage, attacks, and cyber-enabled influence operations independently or in concert with one another. 

  • Recognize key intelligence services and military organizations, down to the unit level, conducting cyber operations, and their mapping to known APT groups.  

  • Identify catalysts that could drive potential future cyber efforts against specific industries through country-specific doctrine, policies, initiatives, or geopolitical shifts. 

  • Evaluate how cyber threat intelligence vendor collection and reporting can augment existing threat coverage gaps within your organization. 

  • Realize the complexity of work required to answer the attribution question of which nation-state is responsible for conducting a cyber operation. 

  • Apply structured analytic techniques (SATs) to provide rigor and the ability to convey the underpinning reasoning behind an analytic assessment. 

Who Should Attend

The primary audience for this course is any individual within an organization who is tasked with providing, making, supporting, researching, or communicating assessment about cyber threats or cyber risk. This course is designed as an intermediate-level, multidisciplinary survey course, but does not require students to have experience in cyber security, cyber risk management, or cyber threat analysis. Students are introduced to key concepts in cyber security, information technology (IT), cyber threat intelligence, and international relationship concepts throughout the course.  



What to bring

A computer with internet connection and a modern browser (such as Google Chrome).

Delivery Method

On-demand training


14 hours
Content is available for 3 months from date of first login. It can be accessed 24/7 from a standard web browser.


$2,000 USD or 2 EOD Units

Course Outline

Cyber Risk

  • Organizational Cyber Security Structure
  • Introduction to Cyber Risk Concepts
  • An Organization’s Cyber Threat Profile
  • Case Study: Supply Chain Attacks

Cyber Threat Intelligence Vendor 101

  • Cyber Threat Vendor Collection
  • Finished Intelligence and Threat Intelligence Platforms (TIPs)
  • Vendor Naming Conventions

Why and How States Use Cyber Operations

  • Introduction to Cyber Operation Types and Motivations
  • Case Study: Destructive Cyber Operation
  • Introduction to the DIMEFIL Framework


  • Brief History of Russia and Its National Priorities
  • The Russian Government’s Organizational Structure
  • Russia’s Use of Cyber Operations
  • Russian Cyber Threat Groups
  • Russia’s Domestic Censorship, Monitoring, Controls, and Information Operations


  • Brief History of China and Its National Priorities
  • The Chinese Government’s Organizational Structure
  • China’s Use of Cyber Operations
  • Chinese Cyber Threat Groups
  • China’s Domestic Censorship, Monitoring, Controls, and Information Operations

The Democratic People's Republic of Korea (DPRK)

  • Brief History of the DPRK and Its National Priorities
  • The DPRK Government’s Organizational Structure
  • The DPRK’s Use of Cyber Operations
  • DPRK Cyber Threat Groups
  • DPRK’s Domestic Censorship and Technical Monitoring


  • Brief History of Iran and Its National Priorities
  • The Iranian Government’s Organizational Structure
  • Iran’s Use of Cyber Operations
  • Iranian Cyber Threat Groups
  • Iran’s Domestic Censorship, Monitoring, Controls, and Information Operations

Capstone Exercise: Applying the Analysis of Competing Hypothesis (ACH) to Cyber Attribution