Inside the Mind of an APT
(On-Demand Module Overview)
This course provides the cornerstone for quickly upskilling employees with the knowledge and insights necessary to advise organizations on nation-state cyber threats.
After completing this course, learners should be able to:
- Understand how governments use cyber operations as a tool of statecraft to support national-level priorities.
- Explain why governments use cyber espionage, attacks, and cyber-enabled influence operations independently or in concert with one another.
- Recognize key intelligence services and military organizations, down to the unit level, conducting cyber operations, and their mapping to known APT groups.
- Identify catalysts that could drive potential future cyber efforts against specific industries through country-specific doctrine, policies, initiatives, or geopolitical shifts.
- Evaluate how cyber threat intelligence vendor collection and reporting can augment existing threat coverage gaps within your organization.
- Realize the complexity of work required to answer the attribution question of which nation-state is responsible for conducting a cyber operation.
- Apply structured analytic techniques (SATs) to provide rigor and the ability to convey the underpinning reasoning behind an analytic assessment.
Who Should Attend
The primary audience for this course is any individual within an organization who is tasked with providing, making, supporting, researching, or communicating assessments about cyber threats or cyber risk. This course is designed as an intermediate-level, multidisciplinary survey course, but does not require students to have experience in cyber security, cyber risk management, or cyber threat analysis. Students are introduced to key concepts in cyber security, information technology (IT), cyber threat intelligence, and international relations throughout the course.
What to bring
A computer with internet connection and a modern browser (such as Google Chrome).
Content is available for 3 months from date of first login. It can be accessed 24/7 from a standard web browser.
$2,000 USD or 2 EOD Units
- Organizational Cyber Security Structure
- Introduction to Cyber Risk Concepts
- An Organization’s Cyber Threat Profile
- Case Study: Supply Chain Attacks
Cyber Threat Intelligence Vendor 101
- Cyber Threat Vendor Collection
- Finished Intelligence and Threat Intelligence Platforms (TIPs)
- Vendor Naming Conventions
Why and How States Use Cyber Operations
- Introduction to Cyber Operation Types and Motivations
- Case Study: Destructive Cyber Operation
- Introduction to the DIMEFIL Framework
- Brief History of Russia and Its National Priorities
- The Russian Government’s Organizational Structure
- Russia’s Use of Cyber Operations
- Russian Cyber Threat Groups
- Russia’s Domestic Censorship, Monitoring, Controls, and Information Operations
- Brief History of China and Its National Priorities
- The Chinese Government’s Organizational Structure
- China’s Use of Cyber Operations
- Chinese Cyber Threat Groups
- China’s Domestic Censorship, Monitoring, Controls, and Information Operations
The Democratic People's Republic of Korea (DPRK)
- Brief History of the DPRK and Its National Priorities
- The DPRK Government’s Organizational Structure
- The DPRK’s Use of Cyber Operations
- DPRK Cyber Threat Groups
- DPRK’s Domestic Censorship and Technical Monitoring
- Brief History of Iran and Its National Priorities
- The Iranian Government’s Organizational Structure
- Iran’s Use of Cyber Operations
- Iranian Cyber Threat Groups
- Iran’s Domestic Censorship, Monitoring, Controls, and Information Operations
Capstone Exercise: Applying the Analysis of Competing Hypotheses (ACH) to Cyber Attribution