This is a great blog post from Digital Shadows. Their team has gone through the Mueller GRU indictment and mapped the capabilities it mentions to MITRE ATT&CK TTPs, with mitigation advice for each TTP.
Blue teams should learn from this type of analysis:
1. Prioritize threats and threat actors. Base the prioritization on past incidents, your organization's exposure, the sector threat landscape, threat actors' motivation and strategic intelligence.
2. Identify the most relevant actors and periodically analyse their TTPs in detail against a selected framework (ATT&CK is highly recommended).
3. Prioritize and implement detection and prevention controls based on that analysis.
4. Conduct adversary emulation exercises (red/purple teaming) to verify the implemented controls and uncover the remaining control gaps.