Activity Directions
The purpose of this assignment is to demonstrate your ability to compare and contrast cyber threat actors’ Indicators of Compromise (IOCs) and known tactics, techniques, and procedures (TTPs) between two cyber intrusion campaigns.
Compare and contrast the activity described in the following two cyber intrusion campaigns:
- Campaign 1 (both links)
  - Advanced Persistent Threat Activity Exploiting Managed Service Providers: https://us-cert.cisa.gov/ncas/alerts/TA18-276B
  - APTs Targeting IT Service Provider Customers | CISA: https://www.cisa.gov/news-events/alerts/2018/10/03/apts-targeting-it-service-provider-customers
- Campaign 2
  - CISA Publishes Eviction Guidance for Networks Affected by SolarWinds and AD/M365 Compromise | CISA: https://us-cert.cisa.gov/ncas/current-activity/2021/05/14/cisa-publishes-eviction-guidance-networks-affected-solarwinds-and
Respond to the following prompts:
- Compare the TTPs attributed to the two campaigns. What are the similarities and differences?
- Using the same organization you selected in Module 1, assess the possibility that your organization might also be targeted in this campaign.
- If you suspected your organization might be targeted, what steps would you take to further assess positively or negatively? What information from your organization would you need in order to assess whether there has been any impact?
Criteria and Requirements
- Title page
- Length
  - Undergraduate: 2 pages, double-spaced
- References page