Inside the Mind of an APT

On-demand training

At a glance

Inside the Mind of an APT is an on-demand course designed to explore how countries use cyber operations as a tool of statecraft to advance national-level priorities and in response to geopolitical drivers. Primarily focused on the “Big 4” cyber countries—China, Iran, North Korea, and Russia—the course will examine how, why, and against whom nation-states attack. The capabilities examined include:

  • Conducting cyber espionage
  • Destructive or disruptive cyber attacks
  • Cyber-enabled information operations

Insights gleaned from this course can help students improve their critical and lateral thinking so they can respond more swiftly to requests for information from leadership, hone forecasting skills, and fill knowledge gaps on nation-state cyber threat actors. It can also prepare organizations to proactively anticipate shifts in cyber threats and adjust their risk management and enterprise cybersecurity strategies accordingly.

Course goals

After completing this course, learners should be able to:

  • Understand how governments use cyber operations as a tool of statecraft to support national-level priorities.
  • Explain why governments use cyber espionage, attacks, and cyber-enabled influence operations independently or in concert with one another. 
  • Recognize key intelligence services and military organizations, down to the unit level, conducting cyber operations, and their mapping to known APT groups.  
  • Identify catalysts that could drive potential future cyber efforts against specific industries through country-specific doctrine, policies, initiatives, or geopolitical shifts. 
  • Evaluate how cyber threat intelligence vendor collection and reporting can augment existing threat coverage gaps within an organization. 
  • Realize the complexity of work required to answer the attribution question of which nation-state is responsible for conducting a cyber operation. 
  • Apply structured analytic techniques (SATs) to provide rigor and the ability to convey the underpinning reasoning behind an analytic assessment. 

Who this course helps

The primary audience for this course is individuals tasked with providing, making, supporting, researching, or communicating assessments about cyber threats or cyber risk. This course is designed as an intermediate-level, multidisciplinary survey course, but does not require students to have experience in cybersecurity, cyber risk management, or cyber threat analysis. Students are introduced to key concepts in cybersecurity, information technology (IT), cyber threat intelligence, and international relations throughout the course.

How it works

Delivery method

On-demand training

Duration

14 hours

Content is available for 3 months from the date of first login. It can be accessed 24/7 from a standard web browser.

Cost

$2,000 USD or 2 Expertise on Demand (EOD) Units

Course outline

Cyber risk

  • Organizational cybersecurity structure
  • Introduction to cyber risk concepts
  • An organization’s cyber threat profile
  • Case Study: Supply chain attacks

Cyber Threat Intelligence Vendor 101

  • Cyber threat vendor collection
  • Finished intelligence and threat intelligence platforms (TIPs)
  • Vendor naming conventions

Why and how states use cyber operations

  • Introduction to cyber operation types and motivations
  • Case Study: Destructive cyber operation
  • Introduction to the DIMEFIL framework

Russia

  • Brief history of Russia and its national priorities
  • The Russian government’s organizational structure
  • Russia’s use of cyber operations
  • Russian cyber threat groups
  • Russia’s domestic censorship, monitoring, controls, and information operations

China

  • Brief history of China and its national priorities
  • The Chinese government’s organizational structure
  • China’s use of cyber operations
  • Chinese cyber threat groups
  • China’s domestic censorship, monitoring, controls, and information operations

The Democratic People's Republic of Korea (DPRK)

  • Brief history of the DPRK and its national priorities
  • The DPRK government’s organizational structure
  • The DPRK’s use of cyber operations
  • DPRK cyber threat groups
  • DPRK’s domestic censorship and technical monitoring

Iran

  • Brief history of Iran and its national priorities
  • The Iranian government’s organizational structure
  • Iran’s use of cyber operations
  • Iranian cyber threat groups
  • Iran’s domestic censorship, monitoring, controls, and information operations

Capstone Exercise: Applying the analysis of competing hypotheses (ACH) to cyber attribution

Take the next step

Contact Mandiant Academy to learn more and schedule your course today.
