Mapping Threat Actor TTPs to ATT&CK Framework

This is a great blog post from Digital Shadows. Their team has gone through the Mueller GRU indictment and mapped the capabilities it describes to ATT&CK framework TTPs, accompanied by mitigation advice per TTP.

Blue teams should learn from this type of analysis:

1. Prioritize threats and threat actors. Prioritization should be based on past incidents, the organization's exposure, the sector threat landscape, the threat actors' motivation and strategic intelligence.

2. Identify the most relevant ones and carry out a periodic, detailed analysis of their TTPs against a selected framework (ATT&CK is highly recommended).

3. Prioritize and implement detection and prevention controls based on that analysis.

4. Conduct adversary emulation exercises (red/purple teaming) to verify the implemented controls and uncover remaining control gaps.
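As an added example (not code from the original post or from Digital Shadows), the four steps above can be turned into a small prioritization model: actors get a priority weight (step 1), each is mapped to ATT&CK technique IDs (step 2), the techniques are ranked against the detection coverage already in place so the largest gaps come out first (step 3), and the actor whose playbook exercises the most of those gaps is picked for emulation (step 4). The actor names, weights, technique lists and coverage values are constructed sample data and make no claim about any real group; only the technique IDs and names are real ATT&CK enterprise entries.

```python
from collections import defaultdict

# Step 1: prioritised threat actors. The weight (0-1) is a hypothetical score
# derived from past incidents, sector exposure and motivation. Names are
# placeholders, not real groups.
ACTORS = {"ActorA": 1.0, "ActorB": 0.6, "ActorC": 0.3}

# Step 2: each actor's capabilities mapped to ATT&CK technique IDs.
# Constructed sample mapping; the IDs themselves are real enterprise techniques.
ACTOR_TTPS = {
    "ActorA": ["T1566", "T1059", "T1003", "T1021", "T1071"],
    "ActorB": ["T1566", "T1190", "T1059", "T1105", "T1486"],
    "ActorC": ["T1078", "T1021", "T1027", "T1071"],
}

TECHNIQUE_NAMES = {
    "T1566": "Phishing",
    "T1059": "Command and Scripting Interpreter",
    "T1003": "OS Credential Dumping",
    "T1021": "Remote Services",
    "T1071": "Application Layer Protocol",
    "T1190": "Exploit Public-Facing Application",
    "T1105": "Ingress Tool Transfer",
    "T1486": "Data Encrypted for Impact",
    "T1078": "Valid Accounts",
    "T1027": "Obfuscated Files or Information",
}

# Step 3 input: how well each technique is already detected, 0.0 (nothing)
# to 1.0 (tested and alerting). Hypothetical values for a sample environment.
COVERAGE = {
    "T1566": 0.8, "T1059": 0.5, "T1003": 0.0, "T1021": 0.25, "T1071": 0.5,
    "T1190": 0.9, "T1105": 0.0, "T1486": 0.0, "T1078": 0.0, "T1027": 0.0,
}


def score_techniques(actors, actor_ttps):
    """Weight each technique by the priority of every actor that uses it."""
    scores = defaultdict(float)
    for actor, weight in actors.items():
        for tid in set(actor_ttps.get(actor, ())):
            scores[tid] += weight
    return dict(scores)


def rank_gaps(scores, coverage):
    """Order techniques by residual risk = actor weight * (1 - coverage).

    Returns (technique_id, score, coverage, residual) tuples, highest residual
    first; ties are broken by technique ID so the output is stable.
    """
    rows = []
    for tid, score in scores.items():
        cov = coverage.get(tid, 0.0)  # unmapped technique => assume no coverage
        rows.append((tid, score, cov, score * (1.0 - cov)))
    rows.sort(key=lambda r: (-r[3], r[0]))
    return rows


def actor_coverage(actor_ttps, coverage):
    """Average detection coverage across each actor's mapped techniques."""
    return {
        actor: sum(coverage.get(t, 0.0) for t in ttps) / len(ttps)
        for actor, ttps in actor_ttps.items() if ttps
    }


def emulation_order(gaps, actor_ttps, top_n=3):
    """Step 4 helper: rank actors by how many of the top-N gaps their
    playbook would exercise, so purple-team time validates the most gaps."""
    top = {row[0] for row in gaps[:top_n]}
    hits = [(actor, len(top & set(ttps))) for actor, ttps in actor_ttps.items()]
    hits.sort(key=lambda h: (-h[1], h[0]))
    return hits


if __name__ == "__main__":
    gaps = rank_gaps(score_techniques(ACTORS, ACTOR_TTPS), COVERAGE)
    print(f"{'ID':<6} {'Technique':<36} {'Score':>5} {'Cov':>5} {'Gap':>5}")
    for tid, score, cov, residual in gaps:
        print(f"{tid:<6} {TECHNIQUE_NAMES.get(tid, '?'):<36} "
              f"{score:>5.2f} {cov:>5.2f} {residual:>5.2f}")
    print("Per-actor coverage:", actor_coverage(ACTOR_TTPS, COVERAGE))
    print("Emulate first:", emulation_order(gaps, ACTOR_TTPS))
```

With the sample data the largest gap is T1003 (used by the top-priority actor, no detection at all), and ActorA's playbook covers all three of the top gaps, so it is the emulation to run first. In a real programme the weights come from the step 1 assessment and the coverage values from tested detections, not from a dictionary in a script, but the ranking logic stays the same.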
