{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,24]],"date-time":"2026-01-24T08:32:30Z","timestamp":1769243550455,"version":"3.49.0"},"reference-count":129,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"name":"Ministry of Defence (R&D), DRDO, GoI, India","award":["ERIP\/ER\/202312002\/M\/01\/131\/D R&D\/2024\/1851"],"award-info":[{"award-number":["ERIP\/ER\/202312002\/M\/01\/131\/D R&D\/2024\/1851"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2026]]},"DOI":"10.1109\/access.2026.3651833","type":"journal-article","created":{"date-parts":[[2026,1,12]],"date-time":"2026-01-12T22:02:28Z","timestamp":1768255348000},"page":"8426-8449","source":"Crossref","is-referenced-by-count":0,"title":["The Evolution of APT Techniques Targeting the Power Sector: Trends, Challenges, and Defense Strategies"],"prefix":"10.1109","volume":"14","author":[{"ORCID":"https:\/\/orcid.org\/0009-0001-2456-2847","authenticated-orcid":false,"given":"Anooja","family":"Joy","sequence":"first","affiliation":[{"name":"Department of Computer Engineering and Information Technology, Veermata Jijabai Technological Institute, Mumbai, India"}]},{"given":"Madhav","family":"Chandane","sequence":"additional","affiliation":[{"name":"Department of Computer Engineering and Information Technology, Veermata Jijabai Technological Institute, Mumbai, India"}]},{"given":"Rahul","family":"Gupta","sequence":"additional","affiliation":[{"name":"Department of Defence (Research and Development) (DRDO), Office of the Advisor (Cyber), Ministry of Defence, Government of India, Delhi, India"}]},{"given":"Dipak","family":"Gupta","sequence":"additional","affiliation":[{"name":"Department of Defence (Research and Development) (DRDO), Office of the Advisor (Cyber), Ministry of Defence, Government of India, Delhi, India"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-1487-942X","authenticated-orcid":false,"given":"Mohammad","family":"Ikram","sequence":"additional","affiliation":[{"name":"Department of Defence (Research and Development) (DRDO), Office of the Advisor (Cyber), Ministry of Defence, Government of India, Delhi, India"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-3212-7718","authenticated-orcid":false,"given":"Faruk","family":"Kazi","sequence":"additional","affiliation":[{"name":"Department of Electrical Engineering, Veermata Jijabai Technological Institute, Mumbai, India"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.3390\/en13153860"},{"key":"ref2","volume-title":"Under the Lens the Energy Sector","year":"2025"},{"key":"ref3","doi-asserted-by":"crossref","DOI":"10.2172\/1337873","article-title":"Cyber threat and vulnerability analysis of the U.S. electric sector","volume-title":"Idaho Nat. Lab. (INL)","author":"Glenn","year":"2016"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2023.3317695"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-04537-1_12"},{"key":"ref6","article-title":"Analysis and design of security mechanisms in the context of advanced persistent threats against critical infrastructures","author":"Cort\u00e9s","year":"2022"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1093\/cybsec\/tyad023"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1016\/B978-0-443-13223-0.00087-4"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2019.2891891"},{"key":"ref10","volume-title":"Intelligence Brief: Impact of FrostyGoop Modbus Malware on Connected OT Systems","year":"2024"},{"key":"ref11","volume-title":"The Attack Against Danish Critical Infrastructure","year":"2023"},{"key":"ref12","volume-title":"Under the Lens: The Energy Sector","year":"2024"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2024.3507386"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1002\/9781394191529.ch15"},{"issue":"2","key":"ref15","first-page":"59","article-title":"Securing against apts: Advancements in detection and mitigation","volume":"1","author":"Fahad","year":"2023","journal-title":"BIN, Bull. Informat."},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.2984795"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-024-00856-6"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2024.3473021"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/OJIES.2025.3527585"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.4236\/cn.2022.144009"},{"issue":"8","key":"ref21","first-page":"778","article-title":"Innovative cyber security detecting and alerting device: An integrated approach to threat detection and mitigation","volume":"11","author":"Radadia","year":"2024","journal-title":"Int. Res. J. Eng. Technol."},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijcip.2015.02.002"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2024.3469552"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2023.3344680"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.70777\/agi.v1i1.10869"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-023-00706-x"},{"key":"ref27","volume-title":"APT1: Exposing One of China\u2019s Cyber Espionage Units","year":"2013"},{"key":"ref28","article-title":"MITRE ATT&CK: Design and philosophy","volume-title":"MITRE Corporation","author":"Strom","year":"2018"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/3776549"},{"key":"ref30","article-title":"MITRE ATT&CK for industrial control systems: Design and philosophy","volume-title":"MITRE Corporation","author":"Alexander","year":"2020"},{"key":"ref31","article-title":"Evolution of ics attacks and the prospects for future disruptive events","volume-title":"Threat Intelligence Centre Dragos","author":"Slowik","year":"2019"},{"key":"ref32","article-title":"To kill a centrifuge","volume-title":"Technical Analysis Report Langner Group","author":"Langner","year":"2013"},{"issue":"1","key":"ref33","first-page":"2","article-title":"The industrial control system cyber kill chain","volume":"1","author":"Assante","year":"2015","journal-title":"SANS Inst. InfoSec Reading Room"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2023.3345665"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.2172\/2297403"},{"key":"ref36","article-title":"Cyber sovereignty","volume-title":"ETH Zurich","author":"Baezner","year":"2018"},{"key":"ref37","volume-title":"The Stuxnet Worm. Universit\u00e9 de lArizona","author":"Mueller","year":"2012"},{"key":"ref38","article-title":"The impact of dragonfly malware on industrial control systems","volume-title":"SANS Inst.","author":"Nelson","year":"2016"},{"key":"ref39","article-title":"Cybersecurity in industrial control systems: A roadmap for fortifying operations","author":"Chairopoulou","year":"2024"},{"key":"ref40","article-title":"Defending against the dragonfly cyber security attacks (2014)","author":"Langill","year":"2015"},{"key":"ref41","volume-title":"APT44: Unearthing Sandworm","year":"2025"},{"key":"ref42","volume-title":"VAnalysis: Industroyer\/CrashOverride Malware Attack","year":"2017"},{"key":"ref43","article-title":"Vulnerabilities and attacks against industrial control systems and critical infrastructures","author":"Makrakis","year":"2021","journal-title":"arXiv:2109.03945"},{"key":"ref44","volume-title":"COSMICENERGY: OT Malware and a Russian Response","year":"2023"},{"key":"ref45","volume-title":"What\u2019s the Scoop on Frostygoop: The Latest ICS Malware and Ics Controls Considerations","author":"Parsons","year":"2025"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijcip.2021.100464"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.55859\/ijiss.1431064"},{"key":"ref48","volume-title":"Spear Phishing Attachment\u2014MITRE ATT&CK Technique","year":"2025"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijcip.2016.02.001"},{"key":"ref50","volume-title":"Watering Hole Attack\u2014Cyber Glossary","year":"2025"},{"issue":"2","key":"ref51","first-page":"172","article-title":"Dragonfly cyber threats: A case study of malware attacks targeting power grids","volume":"4","author":"Khan","year":"2023","journal-title":"J. Comput. Biomed. Informat."},{"key":"ref52","volume-title":"The State of the Station: A Report on Attackers in the Energy Industry","year":"2019"},{"key":"ref53","volume-title":"The Rising Threat: A Surge in Zero-Day Exploits","year":"2025"},{"key":"ref54","article-title":"Automated volatile memory forensics for programmable logic controllers","author":"Awad","year":"2023"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.3390\/fi4040971"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijcip.2022.100521"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.2172\/2440408"},{"key":"ref58","doi-asserted-by":"crossref","DOI":"10.21203\/rs.3.rs-5248527\/v1","article-title":"Stealth in plain sight: The hidden threat of PowerShell fileless malware and its evasion of modern EDRs & AVs","author":"Elghaly","year":"2024"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1007\/s12652-023-04603-y"},{"key":"ref60","article-title":"Advanced C2 fingerprinting","author":"De Fusco","year":"2023"},{"key":"ref61","volume-title":"Impacket and Exfiltration Tool Used to Steal Sensitive Information From Defense Industrial Base Organization","year":"2022"},{"key":"ref62","article-title":"Investigation of advanced persistent threats network-based tactics, techniques and procedures","author":"Alageel","year":"2025","journal-title":"arXiv:2502.08830"},{"key":"ref63","volume-title":"Microsoft Azure Network Security","author":"DiCola","year":"2021"},{"key":"ref64","article-title":"Contemporary cyber threats to critical infrastructures: Management and countermeasures","author":"Mitsarakis","year":"2023"},{"issue":"1","key":"ref65","first-page":"1","article-title":"A case study of Russian cyber-attacks on the Ukrainian power grid: Implications and best practices for the United States","volume":"16","author":"Pollard","year":"2024","journal-title":"Pepperdine Policy Rev."},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.3390\/app142210342"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.18278\/jcip.2.2.4"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1145\/3704391.3704392"},{"key":"ref69","volume-title":"Energy Sector: Threats to Operational Technology","year":"2023"},{"key":"ref70","volume-title":"Apt Cyber Tools Targeting ICS\/SCADA Devices","year":"2022"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1016\/j.epsr.2024.110509"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijepes.2017.12.020"},{"key":"ref73","volume-title":"MITRE ATT&CK Groups","year":"2024"},{"key":"ref74","volume-title":"NCCIC\/ICS-CERT 2015 Year in Review","year":"2016"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.1109\/KIT52904.2021.9583744"},{"key":"ref76","volume-title":"APT Intelligence Reporting","year":"2025"},{"key":"ref77","volume-title":"APT Groups: Threat Intelligence Insights","year":"2025"},{"key":"ref78","volume-title":"Microsoft Threat Actor Naming","year":"2024"},{"key":"ref79","doi-asserted-by":"publisher","DOI":"10.1016\/j.rineng.2024.102647"},{"key":"ref80","volume-title":"Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin\u2019s Most Dangerous Hackers","author":"Greenberg","year":"2019"},{"key":"ref81","first-page":"1","article-title":"The near and far future of ransomware business models","author":"Hacquebord","year":"2022","journal-title":"Trend Micro Res."},{"key":"ref82","volume-title":"Helix Kitten, Chrysene\u2014Threat Group Cards: A Threat Actor Encyclopedia","year":"2025"},{"key":"ref83","first-page":"247","article-title":"North Korean cyberattacks: A dangerous and evolving threat","volume-title":"The Heritage Found.","author":"Klingner","year":"2021"},{"key":"ref84","volume-title":"The Top 5 Cyber Threats in the Energy Sector","year":"2022"},{"key":"ref85","volume-title":"Hidden Cobra, Labyrinth Chollima\u2014Threat Group Card. Lazarus Group","year":"2025"},{"key":"ref86","volume-title":"M. ATT&CK. APT28\u2014Mitre ATT&CK Group G0035","year":"2025"},{"key":"ref87","first-page":"4419","article-title":"State-of-the-art in Chinese APT attack and using threat intelligence for detection: A survey","volume":"2022","author":"Mohamed","year":"2022","journal-title":"J. Positive School Psychol."},{"key":"ref88","volume-title":"FBI. APT-41 Group\u2014Cyber\u2019s Most Wanted","year":"2025"},{"key":"ref89","article-title":"An analysis of the cyber threat actors targeting the United States and its allies","author":"Utterback","year":"2021"},{"key":"ref90","volume-title":"APT Profile: APT 29","year":"2025"},{"key":"ref91","volume-title":"Cozy Bear\u2014Glossary","year":"2025"},{"key":"ref92","volume-title":"Energetic Dragonfly: DYMALLOY (Bear 2.0)","year":"2018"},{"key":"ref93","volume-title":"Continued Targeting of Indian Power Grid Assets by Chinese State-Sponsored Activity Group","year":"2022"},{"key":"ref94","volume-title":"China-Linked Group Redecho Targets the Indian Power Sector Amid Heightened Border Tensions","year":"2021"},{"key":"ref95","doi-asserted-by":"publisher","DOI":"10.1109\/ICTC49870.2020.9289506"},{"key":"ref96","doi-asserted-by":"publisher","DOI":"10.3390\/s21186225"},{"key":"ref97","doi-asserted-by":"publisher","DOI":"10.1080\/01402390.2014.977382"},{"key":"ref98","doi-asserted-by":"publisher","DOI":"10.1049\/iet-cps.2019.0084"},{"issue":"1","key":"ref99","first-page":"1","article-title":"Navigating the cyber security landscape: A comprehensive review of cyber-attacks, emerging trends, and recent developments","volume":"190","author":"Mallick","year":"2024","journal-title":"World Sci. News"},{"key":"ref100","doi-asserted-by":"publisher","DOI":"10.1016\/j.seta.2022.102648"},{"key":"ref101","volume-title":"U.S. Critical Infrastructure: Its Importance and Vulnerabilities to Cyber and Unmanned Systems","author":"Dorn","year":"2023"},{"key":"ref102","doi-asserted-by":"publisher","DOI":"10.1109\/JAS.2024.125034"},{"key":"ref103","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2025.3528744"},{"key":"ref104","doi-asserted-by":"publisher","DOI":"10.2172\/2474838"},{"key":"ref105","doi-asserted-by":"publisher","DOI":"10.1016\/j.jii.2024.100623"},{"key":"ref106","doi-asserted-by":"publisher","DOI":"10.1145\/3134600.3134639"},{"key":"ref107","doi-asserted-by":"publisher","DOI":"10.1109\/TSG.2016.2622686"},{"key":"ref108","volume-title":"CrowdStrike 2024 Global Threat Report","year":"2024"},{"key":"ref109","article-title":"Accurate and scalable detection and investigation of cyber persistence threats","author":"Liu","year":"2024","journal-title":"arXiv:2407.18832"},{"key":"ref110","doi-asserted-by":"publisher","DOI":"10.1109\/MNET.2024.3389734"},{"key":"ref111","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00026"},{"key":"ref112","doi-asserted-by":"crossref","DOI":"10.14722\/ndss.2023.24207","article-title":"Sometimes, you aren\u2019t what you do: Mimicry attacks against provenance graph host intrusion detection systems","volume-title":"Proc. Netw. Distrib. Syst. Secur. Symp","author":"Goyal"},{"key":"ref113","article-title":"Lolbin detection through unsupervised learning: An approach based on explicit featurization of the command line and parent-child relationships","author":"Nisslmueller","year":"2022"},{"key":"ref114","article-title":"Mining data provenance to detect advanced persistent threats","volume-title":"Proc. 11th Int. Workshop Theory Pract. Provenance (TaPP)","author":"Barr\u00e9"},{"key":"ref115","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.06.015"},{"key":"ref116","doi-asserted-by":"publisher","DOI":"10.1145\/3701299"},{"key":"ref117","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2017.08.005"},{"key":"ref118","doi-asserted-by":"publisher","DOI":"10.1016\/j.egyr.2021.11.272"},{"issue":"1","key":"ref119","first-page":"15","article-title":"Zero trust architectures in the energy sector: Applications and benefits","volume":"12","author":"R\u00f6ttinger","year":"2024","journal-title":"Eur. J. Eng. Technol."},{"key":"ref120","doi-asserted-by":"publisher","DOI":"10.22178\/pos.113-2"},{"key":"ref121","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijcip.2023.100615"},{"key":"ref122","article-title":"Analysis of the cyber attack on the Ukrainian power grid","volume-title":"E-ISAC and SANS ICS","author":"Lee","year":"2016"},{"key":"ref123","article-title":"Detection engineering in industrial control systems: Ukraine 2016 attack case study","volume-title":"MITRE","author":"Slowik","year":"2022"},{"key":"ref124","volume-title":"Ukraine Power Grid Cyberattack and U.S. Susceptibility","author":"Shehod","year":"2016"},{"key":"ref125","doi-asserted-by":"publisher","DOI":"10.1016\/j.rser.2025.116100"},{"key":"ref126","doi-asserted-by":"publisher","DOI":"10.1186\/s42162-021-00139-7"},{"key":"ref127","first-page":"53","article-title":"Cybersecurity threats to critical energy infrastructure in india: Challenges, opportunities and insights for developing nations","volume":"3","author":"Haridas","year":"2025","journal-title":"Commonwealth Cyber J. (CCJ)"},{"key":"ref128","doi-asserted-by":"publisher","DOI":"10.3390\/en14185894"},{"key":"ref129","doi-asserted-by":"publisher","DOI":"10.1007\/s12599-023-00811-0"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/6287639\/11323511\/11338756.pdf?arnumber=11338756","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,23]],"date-time":"2026-01-23T21:00:10Z","timestamp":1769202010000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11338756\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"references-count":129,"URL":"https:\/\/doi.org\/10.1109\/access.2026.3651833","relation":{},"ISSN":["2169-3536"],"issn-type":[{"value":"2169-3536","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]}}}