Threat Intelligence Analysis

Conduct open source research and respond to the following request for information (RFI) from your CISO about targeted attacks against the energy sector during the summer of 2017:

  1. What threat actor or group is allegedly responsible for these attacks?
  2. Is the threat actor or group linked to a foreign nation-state?
  3. What was the suspected motivation or goal of the attacks?
  4. Were any vulnerabilities (known or zero-day) associated with these attacks?
  5. What tactics, techniques & procedures (TTPs) were used in the attacks?
  6. Are there any indicators of compromise (IOCs) associated with the attacks?
    1. Please classify IOCs as either host-based or network-based
  7. What recommendations would you make to ensure our NSM program can detect/prevent these types of attacks? (hint: think about how the identified IOCs could be used to develop detection signatures)

Please structure the RFI into three sections based upon the type of intelligence you are providing (strategic, operational & tactical).

Your assignment should be submitted in Word or PDF format and include both an Executive Summary and a Citations page (document should be single-spaced, 1” margins, 12-pt font).

The sources listed below may provide you with information on this topic (however, you are encouraged to find other open source information related to this topic):

https://www.us-cert.gov/ncas/alerts/TA17-293A

https://www.nytimes.com/2017/07/06/technology/nuclear-plant-hack-report.html

https://www.wired.com/story/russian-hacking-teams-infrastructure/

https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group

https://www.ci-project.org/blog/2017/7/10/document-indicates-campaign-may-have-targeted-european-energy-and-critical-infrastructure-in-march-2017