{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,22]],"date-time":"2025-12-22T22:32:33Z","timestamp":1766442753289,"version":"3.48.0"},"publisher-location":"New York, NY, USA","reference-count":128,"publisher":"ACM","license":[{"start":{"date-parts":[[2025,11,22]],"date-time":"2025-11-22T00:00:00Z","timestamp":1763769600000},"content-version":"vor","delay-in-days":3,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Institute of Information & communications Technology Planning & Evaluation (IITP)","award":["RS-2022-II221199; RS-2024-00437306; RS-2024-00337414; RS-2025-25394739; RS-2025-25457342"],"award-info":[{"award-number":["RS-2022-II221199; RS-2024-00437306; RS-2024-00337414; RS-2025-25394739; RS-2025-25457342"]}]},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-2126654; CNS-2126654; CNS-2440819; DGE-2335798"],"award-info":[{"award-number":["CNS-2126654; CNS-2126654; CNS-2440819; DGE-2335798"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,11,19]]},"DOI":"10.1145\/3719027.3765085","type":"proceedings-article","created":{"date-parts":[[2025,11,22]],"date-time":"2025-11-22T23:42:02Z","timestamp":1763854922000},"page":"3206-3220","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["A Decade-long Landscape of Advanced Persistent Threats: Longitudinal Analysis and Global Trends"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0008-3930-9212","authenticated-orcid":false,"given":"Shakhzod","family":"Yuldoshkhujaev","sequence":"first","affiliation":[{"name":"Sungkyunkwan University, Suwon, Republic of Korea"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-9880-7292","authenticated-orcid":false,"given":"Mijin","family":"Jeon","sequence":"additional","affiliation":[{"name":"Sungkyunkwan University, Suwon, Republic of Korea"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9033-990X","authenticated-orcid":false,"given":"Doowon","family":"Kim","sequence":"additional","affiliation":[{"name":"University of Tennessee, Knoxville, TN, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9366-357X","authenticated-orcid":false,"given":"Nick","family":"Nikiforakis","sequence":"additional","affiliation":[{"name":"Stony Brook University, Stony Brook, NY, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0799-0230","authenticated-orcid":false,"given":"Hyungjoon","family":"Koo","sequence":"additional","affiliation":[{"name":"Sungkyunkwan University, Suwon, Republic of Korea"}]}],"member":"320","published-online":{"date-parts":[[2025,11,22]]},"reference":[{"key":"e_1_3_2_2_1_1","volume-title":"Hongsong Chen and Mumbi Chishimba","author":"Aaron Zimba Zhaoshun Wang","year":"2020","unstructured":"Zhaoshun Wang Aaron Zimba, Hongsong Chen and Mumbi Chishimba. 2020. Modeling and Detection of the Multi-Stages of Advanced Persistent Threats Attacks Based on Semi-Supervised Learning and Complex Networks Characteristics. Future Generation Computer Systems (2020)."},{"key":"e_1_3_2_2_2_1","volume-title":"Sowmya Myneni and Dijiang Huang","author":"Adel Alshamrani Ankur Chowdhary","year":"2019","unstructured":"Ankur Chowdhary Adel Alshamrani, Sowmya Myneni and Dijiang Huang. 2019. A Survey on Advanced Persistent Threats: Techniques, Solutions, Challenges, and Research Opportunities. IEEE Communications Surveys & Tutorials (2019)."},{"key":"e_1_3_2_2_3_1","unstructured":"AhnLab. 2014. Vulnerability Malicious Code Appeared in the MBR Destruction Function Using Hangul File. https:\/\/asec.ahnlab.com\/ko\/1015\/."},{"key":"e_1_3_2_2_4_1","unstructured":"AhnLab. 2015. Targeted Attack on France TV5Monde. https:\/\/orkl.eu\/libraryEntry\/01871652-6001-4c34-b246-181978941024."},{"key":"e_1_3_2_2_5_1","unstructured":"amCharts. 2025. amCharts 4 Documentation. https:\/\/www.amcharts.com\/docs\/v4\/."},{"key":"e_1_3_2_2_6_1","unstructured":"Awadhesh Kumar Singh Amit Sharma Brij B. Gupta and V. K. Saraswat. 2023. Advanced Persistent Threats (APT): Evolution Anatomy Attribution and Countermeasures. Journal of Ambient Intelligence and Humanized Computing (2023)."},{"key":"e_1_3_2_2_7_1","volume-title":"Sebastian Borgeaud, Jean-Baptiste Alayrac, Jiahui Yu, Radu Soricut, Johan Schalkwyk, Andrew M. Dai, Anja Hauth, Katie Millican, and David Silver et al.","author":"Google Gemini Team","year":"2024","unstructured":"Gemini Team Google: Rohan Anil, Sebastian Borgeaud, Jean-Baptiste Alayrac, Jiahui Yu, Radu Soricut, Johan Schalkwyk, Andrew M. Dai, Anja Hauth, Katie Millican, and David Silver et al., 2024. Gemini: A Family of Highly Capable Multimodal Models. arXiv preprint arXiv:2312.11805 (2024)."},{"key":"e_1_3_2_2_8_1","volume-title":"Kim-Kwang Raymond Choo, and Hamid H. S. Javadi","author":"Bahrami Pooneh Nikkhah","year":"2019","unstructured":"Pooneh Nikkhah Bahrami, Ali Dehghantanha, Tooska Dargahi, Reza M. Parizi, Kim-Kwang Raymond Choo, and Hamid H. S. Javadi. 2019. Cyber Kill Chain-Based Taxonomy of Advanced Persistent Threat Actors: Analogy of Tactics, Techniques, and Procedures. Journal of Information Processing Systems (2019)."},{"key":"e_1_3_2_2_9_1","unstructured":"Kiran Bandla and Santiago Castro. 2025. Data. https:\/\/github.com\/aptnotes\/data."},{"key":"e_1_3_2_2_10_1","unstructured":"BBC. 2022. North Korean Hackers Target Gamers in $615m Crypto Heist - US. https:\/\/www.bbc.com\/news\/world-asia-61036733."},{"key":"e_1_3_2_2_11_1","volume-title":"Witte","author":"Booth Harold","year":"2013","unstructured":"Harold Booth, Doug Rike, and Gregory A. Witte. 2013. The National Vulnerability Database (NVD): Overview. ITL Bulletin, National Institute of Standards and Technology (2013)."},{"key":"e_1_3_2_2_12_1","unstructured":"Becky Bracken. 2020. Pfizer COVID-19 Vaccine Targeted in EU Cyberattack. https:\/\/threatpost.com\/pfizer-covid-19-vaccine-cyberattack\/162170\/."},{"key":"e_1_3_2_2_13_1","volume-title":"APT Datasets and Attack Modeling for Automated Detection Methods: A Review. Computers & Security","author":"Hofer-Schmitz Branka Katharina","year":"2020","unstructured":"Katharina Hofer-Schmitz Branka Stojanovic and Ulrike Kleb. 2020. APT Datasets and Attack Modeling for Automated Detection Methods: A Review. Computers & Security (2020)."},{"key":"e_1_3_2_2_14_1","unstructured":"Nick Carr. 2017. Cyber Espionage Is Alive and Well: APT32 and the Threat to Global Corporations. https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/cyber-espionage-apt32\/."},{"key":"e_1_3_2_2_15_1","unstructured":"CERT-UA. 2025. CERT-UA Threat actors. https:\/\/cert.gov.ua\/search\/UAC."},{"key":"e_1_3_2_2_16_1","unstructured":"CISA. 2020. Iranian Advanced Persistent Threat Actors Threaten Election-Related Systems. https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa20-296b."},{"key":"e_1_3_2_2_17_1","unstructured":"Cybersecurity & Infrastructure Security Agency (CISA). 2025. US-CERT. https:\/\/www.cisa.gov\/."},{"key":"e_1_3_2_2_18_1","unstructured":"The Mitre Corporation. 2024a. Common Vulnerabilities and Exposures (CVE). https:\/\/cve.mitre.org\/."},{"key":"e_1_3_2_2_19_1","unstructured":"The Mitre Corporation. 2024b. MITRE ATT&CK. https:\/\/attack.mitre.org\/."},{"key":"e_1_3_2_2_20_1","unstructured":"Andrea Cristaldi. 2025. APTmap. https:\/\/github.com\/andreacristaldi\/APTmap\/."},{"key":"e_1_3_2_2_21_1","unstructured":"CrowdStrike. 2025. CrowdStrike Adversaries. https:\/\/www.crowdstrike.com\/adversaries\/."},{"key":"e_1_3_2_2_22_1","unstructured":"CyberMonitor. 2024. APT & Cybercriminals Campaign Collection. https:\/\/github.com\/CyberMonitor\/APT_CyberCriminal_Campagin_Collections."},{"key":"e_1_3_2_2_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2994539.2994542"},{"key":"e_1_3_2_2_24_1","volume-title":"Martin Clau\u00df and Elmar Padilla","author":"Daniel Plohmann Steffen Enders","year":"2017","unstructured":"Steffen Enders Daniel Plohmann, Martin Clau\u00df and Elmar Padilla. 2017. Malpedia: A Collaborative Effort to Inventorize the Malware Landscape. The Journal on Cybercrime and Digital Investigations (2017)."},{"key":"e_1_3_2_2_25_1","unstructured":"Lizzie Dearden. 2017. Emmanuel Macron Campaign Hack: French Presidential Candidate Targeted by Cyber Attack Similar to DNC Leak. https:\/\/www.independent.co.uk\/news\/world\/europe\/emmanuel-macron-leaks-hack-en-marche-cyber-attack-russia-dnc-marine-le-pen-election-france-latest-a7721796.html."},{"key":"e_1_3_2_2_26_1","unstructured":"Dragos. 2025. Dragos Threat Groups. https:\/\/www.dragos.com\/threat-groups\/."},{"key":"e_1_3_2_2_27_1","volume-title":"Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security (CCS '23)","author":"Sencar Enes Altinisik H\u00fcsrev Taha","year":"2023","unstructured":"H\u00fcsrev Taha Sencar Enes Altinisik, Fatih Deniz. 2023. ProvG-Searcher: A Graph Representation Learning Approach for Efficient Provenance Graph Search. In Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security (CCS '23)."},{"key":"e_1_3_2_2_28_1","unstructured":"Electronic Transactions Development Agency (ETDA). 2019. Electronic Transactions Development Agency. https:\/\/apt.etda.or.th\/cgi-bin\/aptgroups.cgi."},{"key":"e_1_3_2_2_29_1","volume-title":"Scarlet Mimic: Years-Long Espionage Campaign Targets Minority Activists. https:\/\/unit42.paloaltonetworks.com\/scarlet-mimic-years-long-espionage-targets-minority-activists\/.","author":"Falcone Robert","year":"2016","unstructured":"Robert Falcone and Jen Miller-Osborn. 2016. Scarlet Mimic: Years-Long Espionage Campaign Targets Minority Activists. https:\/\/unit42.paloaltonetworks.com\/scarlet-mimic-years-long-espionage-targets-minority-activists\/."},{"key":"e_1_3_2_2_30_1","unstructured":"Fraunhofer FKIE. 2024. Malpedia Inventory. https:\/\/malpedia.caad.fkie.fraunhofer.de\/library."},{"key":"e_1_3_2_2_31_1","unstructured":"Fraunhofer FKIE. 2025. APT17. https:\/\/malpedia.caad.fkie.fraunhofer.de\/actor\/apt17."},{"key":"e_1_3_2_2_32_1","unstructured":"International Organization for Standardization. 2025. ISO 3166 Country Codes. https:\/\/www.iso.org\/iso-3166-country-codes.html."},{"key":"e_1_3_2_2_33_1","unstructured":"Fortinet. 2025. Indicators Of Compromise (IoCs). https:\/\/www.fortinet.com\/resources\/cyberglossary\/indicators-of-compromise."},{"key":"e_1_3_2_2_34_1","unstructured":"Stanislav Golovanov. 2021.pdfkit 1.0.0. https:\/\/pypi.org\/project\/pdfkit\/."},{"key":"e_1_3_2_2_35_1","unstructured":"Google. 2025. Advanced persistent threats (APTs). https:\/\/cloud.google.com\/security\/resources\/insights\/apt-groups?hl=en."},{"key":"e_1_3_2_2_36_1","unstructured":"GREAT. 2016. ProjectSauron: Top Level Cyber-Espionage Platform Covertly Extracts Encrypted Government Comms. https:\/\/securelist.com\/faq-the-projectsauron-apt\/75533\/."},{"key":"e_1_3_2_2_37_1","unstructured":"GREAT. 2019. Recent Cloud Atlas Activity. https:\/\/securelist.com\/recent-cloud-atlas-activity\/92016\/."},{"key":"e_1_3_2_2_38_1","unstructured":"GREAT. 2024. APT Trends Report Q2 2024. https:\/\/securelist.com\/apt-trends-report-q2-2024\/113275\/."},{"key":"e_1_3_2_2_39_1","volume-title":"Russian Economy Inches Forward","author":"World Bank Group","year":"2016","unstructured":"World Bank Group. 2016. Russian Economy Inches Forward, Says World Bank. https:\/\/www.worldbank.org\/en\/news\/press-release\/2016\/11\/09\/russian-economy-inches-forward-says-world-bank."},{"key":"e_1_3_2_2_40_1","unstructured":"Josh Grunzweig. 2017. DragonOK Updates Toolset and Targets Multiple Geographic Regions. https:\/\/unit42.paloaltonetworks.com\/unit42-dragonok-updates-toolset-targets-multiple-geographic-regions\/."},{"key":"e_1_3_2_2_41_1","unstructured":"Claudio Guarnieri. 2015. Digital Attack on German Parliament: Investigative Report on the Hack of the Left Party Infrastructure in Bundestag. https:\/\/netzpolitik.org\/2015\/digital-attack-on-german-parliament-investigative-report-on-the-hack-of-the-left-party-infrastructure-in-bundestag\/."},{"key":"e_1_3_2_2_42_1","unstructured":"Health Sector Cybersecurity Coordination Center (HC3). 2020. APT41 Citrix and Zoho Attacks on Healthcare. https:\/\/www.hhs.gov\/sites\/default\/files\/apt41-citrix-and-zoho-attacks-on-healthcare.pdf."},{"key":"e_1_3_2_2_43_1","unstructured":"Alex Hern. 2017. Macron Hackers Linked to Russian-Affiliated Group Behind US Attack. https:\/\/www.theguardian.com\/world\/2017\/may\/08\/macron-hackers-linked-to-russian-affiliated-group-behind-us-attack\/."},{"volume-title":"Adam Lerer, Adam P. Goucher, Adam Perelman, Aditya Ramesh, Aidan Clark, AJ Ostrow, Akila Welihinda, Alan Hayes, and Alec Radford et al.","year":"2024","key":"e_1_3_2_2_44_1","unstructured":"OpenAI: Aaron Hurst, Adam Lerer, Adam P. Goucher, Adam Perelman, Aditya Ramesh, Aidan Clark, AJ Ostrow, Akila Welihinda, Alan Hayes, and Alec Radford et al., 2024. GPT-4o System Card. arXiv preprint arXiv:2410.21276 (2024)."},{"key":"e_1_3_2_2_45_1","unstructured":"Amnesty International. 2021. Click and Bait: Vietnamese Human Rights Defenders Targeted with Spyware Attacks. https:\/\/www.amnesty.org\/en\/latest\/research\/2021\/02\/click-and-bait-vietnamese-human-rights-defenders-targeted-with-spyware-attacks\/."},{"key":"e_1_3_2_2_46_1","unstructured":"Intrusiontruth. 2019. Encore! APT17 Hacked Chinese Targets and Offered the Data for Sale. https:\/\/intrusiontruth.wordpress.com\/2019\/07\/25\/encore-apt17-hacked-chinese-targets-and-offered-the-data-for-sale\/."},{"key":"e_1_3_2_2_47_1","unstructured":"Luke Jenkins and Dan Black. 2024. APT29 Uses WINELOADER to Target German Political Parties. https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/apt29-wineloader-german-political-parties."},{"key":"e_1_3_2_2_48_1","volume-title":"Proceedings of the 33rd USENIX Security Symposium (Security '24)","author":"Jia Zian","year":"2024","unstructured":"Zian Jia, Yun Xiong, Yuhong Nan, Yao Zhang, Jinjing Zhao, and Mi Wen. 2024. MAGIC: Detecting Advanced Persistent Threats via Masked Graph Representation Learning. In Proceedings of the 33rd USENIX Security Symposium (Security '24)."},{"key":"e_1_3_2_2_49_1","unstructured":"A.L. Johnson. 2017. Longhorn: Tools Used by Cyberespionage Group Linked to Vault 7. https:\/\/community.broadcom.com\/symantecenterprise\/communities\/community-home\/librarydocuments\/viewdocument?DocumentKey=7ca2e331-2209-46a8-9e60-4cb83f9602de."},{"key":"e_1_3_2_2_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/TBDATA.2019.2921572"},{"key":"e_1_3_2_2_51_1","unstructured":"Nils Kuhnert. 2025. APTMAP. https:\/\/aptmap.netlify.app\/."},{"key":"e_1_3_2_2_52_1","unstructured":"Mohit Kumar. 2016. Hillary Clinton's Presidential Campaign Also Hacked in Attack on Democratic Party. https:\/\/thehackernews.com\/2016\/07\/hillary-clinton-hacked.html."},{"key":"e_1_3_2_2_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/3634737.3645000"},{"key":"e_1_3_2_2_54_1","unstructured":"Kaspersky Lab. 2016. Carbanak and Beyond: Banks Face New Attacks. https:\/\/www.kaspersky.es\/about\/press-releases\/carbanak-and-beyond-banks-face-new-attacks?srsltid=AfmBOooc537SIDl8XO0gOiV-ILgYN7dcprjGliqXabXLdW6MgegfKZv1."},{"key":"e_1_3_2_2_55_1","unstructured":"Kaspersky Lab. 2025a. Kaspersky Lab. https:\/\/www.kaspersky.com\/."},{"key":"e_1_3_2_2_56_1","unstructured":"Kaspersky Lab. 2025b. MAP | Kaspersky Cyberthreat Live Map. https:\/\/cybermap.kaspersky.com\/."},{"key":"e_1_3_2_2_57_1","unstructured":"Kaspersky Lab. 2025c. Targeted Cyberattacks Logbook. https:\/\/apt.securelist.com\/."},{"key":"e_1_3_2_2_58_1","unstructured":"LangChain. 2022. LangChain. https:\/\/www.langchain.com\/."},{"key":"e_1_3_2_2_59_1","unstructured":"LangChain. 2025. PyPDFLoader. https:\/\/python.langchain.com\/docs\/integrations\/document_loaders\/pypdfloader\/."},{"key":"e_1_3_2_2_60_1","unstructured":"Denis Legezo. 2016. InPage Zero-Day Exploit Used to Attack Financial Institutions in Asia. https:\/\/securelist.com\/inpage-zero-day-exploit-used-to-attack-financial-institutions-in-asia\/76717\/."},{"key":"e_1_3_2_2_61_1","unstructured":"Musarubra US LLC. 2025. Trellix. https:\/\/www.trellix.com\/."},{"key":"e_1_3_2_2_62_1","doi-asserted-by":"publisher","DOI":"10.1145\/3658644.3690221"},{"key":"e_1_3_2_2_63_1","unstructured":"Asheer Malhotra and Kendall McKay. 2021. Transparent Tribe APT Expands Its Windows Malware Arsenal. https:\/\/blog.talosintelligence.com\/transparent-tribe-infra-and-targeting\/."},{"key":"e_1_3_2_2_64_1","unstructured":"Mandiant. 2014. Operation Saffron Rose: Iranian Threat Actors Conduct Cyber Espionage Against U.S. Targets. https:\/\/www.infopoint-security.de\/medien\/fireeye-operation-saffron-rose.pdf."},{"key":"e_1_3_2_2_65_1","unstructured":"Mandiant. 2025. Mandiant Threat Intelligence. https:\/\/www.mandiant.com."},{"key":"e_1_3_2_2_66_1","unstructured":"Bill Marczak Jakub Dalek Sarah McKune Adam Senft John Scott-Railton and Ron Deibert. 2018. BAD TRAFFIC: Sandvine's PacketLogic Devices Used to Deploy Government Spyware in Turkey and Redirect Egyptian Users to Affiliate Ads? https:\/\/citizenlab.ca\/2018\/03\/bad-traffic-sandvines-packetlogic-devices-deploy-government-spyware-turkey-syria\/."},{"key":"e_1_3_2_2_67_1","doi-asserted-by":"publisher","DOI":"10.1109\/CISS.2016.7460498"},{"key":"e_1_3_2_2_68_1","unstructured":"Meta. 2025. React. https:\/\/react.dev\/."},{"key":"e_1_3_2_2_69_1","unstructured":"Trend Micro. 2014. Trend Micro. https:\/\/www.trendmicro.com\/en_us\/business.html."},{"key":"e_1_3_2_2_70_1","unstructured":"Microsoft. 2025a. How Microsoft Names Threat Actors. https:\/\/learn.microsoft.com\/en-us\/defender-xdr\/microsoft-threat-actor-naming?view=o365-worldwide."},{"key":"e_1_3_2_2_71_1","unstructured":"Microsoft. 2025b. Microsoft. https:\/\/www.microsoft.com\/."},{"volume-title":"Proceedings of the 2019 IEEE Symposium on Security and Privacy (S&P '19)","author":"Milajerdi Sadegh M.","key":"e_1_3_2_2_72_1","unstructured":"Sadegh M. Milajerdi, Rigel Gjomemo, Birhanu Eshete, R. Sekar, and V.N. Venkatakrishnan. 2019. HOLMES: Real-Time APT Detection through Correlation of Suspicious Information Flows. In Proceedings of the 2019 IEEE Symposium on Security and Privacy (S&P '19)."},{"key":"e_1_3_2_2_73_1","unstructured":"Aleksandar Milenkoski. 2023. Gaza Cybergang | Unified Front Targeting Hamas Opposition. https:\/\/www.sentinelone.com\/labs\/gaza-cybergang-unified-front-targeting-hamas-opposition\/."},{"key":"e_1_3_2_2_74_1","volume-title":"Fabio Pierazzi and Alessandro Guido","author":"Mirco Marchetti Michele Colajanni","year":"2016","unstructured":"Michele Colajanni Mirco Marchetti, Fabio Pierazzi and Alessandro Guido. 2016. Analysis of High Volumes of Network Traffic for Advanced Persistent Threat Detection. Computer Networks (2016)."},{"key":"e_1_3_2_2_75_1","unstructured":"MISP. 2025. Misp-Galaxy. https:\/\/github.com\/MISP\/misp-galaxy."},{"key":"e_1_3_2_2_76_1","doi-asserted-by":"publisher","DOI":"10.1145\/3579375.3579391"},{"key":"e_1_3_2_2_77_1","unstructured":"Palo Alto Networks. 2025. Palo Alto Networks. https:\/\/unit42.paloaltonetworks.com\/."},{"key":"e_1_3_2_2_78_1","author":"Google","year":"2024","unstructured":"Google News. 2024. Google News. https:\/\/news.google.com\/.","journal-title":"News."},{"key":"e_1_3_2_2_79_1","unstructured":"Federal Bureau of Investigation (FBI). 2025. FBI. https:\/\/www.fbi.gov\/services."},{"key":"e_1_3_2_2_80_1","unstructured":"U.S. Department of the Treasury. 2024. Treasury Sanctions China-Linked Hackers for Targeting U.S. Critical Infrastructure. https:\/\/home.treasury.gov\/news\/press-releases\/jy2205."},{"key":"e_1_3_2_2_81_1","unstructured":"OpenAI. 2024a. GPT-4 Technical Report. arXiv preprint arXiv:2303.08774 (2024)."},{"key":"e_1_3_2_2_82_1","unstructured":"OpenAI. 2024b. New Embedding Models and API Updates. https:\/\/openai.com\/index\/new-embedding-models-and-api-updates\/."},{"key":"e_1_3_2_2_83_1","unstructured":"OpenAI. 2025. OpenAI Models. https:\/\/platform.openai.com\/docs\/models."},{"key":"e_1_3_2_2_84_1","unstructured":"The North Atlantic Treaty Organization. 2025. NATO. https:\/\/www.nato.int\/."},{"key":"e_1_3_2_2_85_1","unstructured":"Ovi. 2023. RE:archive | Reverse Engineering APT37's GOLDBACKDOOR Dropper. https:\/\/www.0x0v1.com\/rearchive-goldbackdoor\/."},{"key":"e_1_3_2_2_86_1","unstructured":"Pierluigi Paganini. 2020. Japanese Kawasaki Heavy Industries Discloses Security Breach. https:\/\/securityaffairs.com\/112765\/data-breach\/kawasaki-heavy-industries-cyber-attack.html."},{"key":"e_1_3_2_2_87_1","unstructured":"Pallets. 2024. Flask Documentation. https:\/\/flask.palletsprojects.com\/en\/stable\/."},{"key":"e_1_3_2_2_88_1","unstructured":"Seongsu Parkk. 2020. Lazarus Covets COVID-19-Related Intelligence. https:\/\/securelist.com\/lazarus-covets-covid-19-related-intelligence\/99906\/."},{"key":"e_1_3_2_2_89_1","volume-title":"Proceedings of the 34th International Conference on Neural Information Processing Systems (NIPS '20)","author":"Piktus Aleksandra","year":"2020","unstructured":"Aleksandra Piktus, Fabio Petroni, Vladimir Karpukhin, Naman Goyal, Heinrich K\u00fcttler, Mike Lewis, Wen tau Yih, Tim Rockt\u00e4schel, Sebastian Riedel, and Douwe Kiela. 2020. Retrieval-Augmented Generation for Knowledge-Intensive NLP Tasks. In Proceedings of the 34th International Conference on Neural Information Processing Systems (NIPS '20)."},{"key":"e_1_3_2_2_90_1","unstructured":"Alexander Rogan. 2024. The Unseen Siege: China's Persistent Cyber Offensive Against U.S. Critical Infrastructure. https:\/\/energycentral.com\/c\/pip\/unseen-siege-chinas-persistent-cyber-offensive-against-us-critical-infrastructure."},{"key":"e_1_3_2_2_91_1","unstructured":"Salesforce. 2025a. Heroku. https:\/\/www.heroku.com\/."},{"key":"e_1_3_2_2_92_1","unstructured":"Salesforce. 2025b. Tableau. https:\/\/www.tableau.com\/."},{"key":"e_1_3_2_2_93_1","unstructured":"Sectrio. 2024. Complete Guide to Advanced Persistent Threat (APT) Security. https:\/\/sectrio.com\/blog\/complete-guide-to-apt-security\/."},{"key":"e_1_3_2_2_94_1","unstructured":"Secureworks. 2025. Secureworks Threat Profiles. https:\/\/www.secureworks.com\/research\/threat-profiles."},{"key":"e_1_3_2_2_95_1","unstructured":"IBM Security. 2025a. IBM X-Force Hive. https:\/\/exchange.xforce.ibmcloud.com\/search\/hive."},{"key":"e_1_3_2_2_96_1","unstructured":"IBM Security. 2025b. IBM X-Force ITG. https:\/\/exchange.xforce.ibmcloud.com\/search\/ITG."},{"key":"e_1_3_2_2_97_1","unstructured":"RSA Security. 2025c. RSA Security. https:\/\/www.rsa.com\/."},{"key":"e_1_3_2_2_98_1","doi-asserted-by":"publisher","DOI":"10.1145\/3634737.3645012"},{"key":"e_1_3_2_2_99_1","volume-title":"Time for aCTIon: Automated Analysis of Cyber Threat Intelligence in the Wild. arXiv preprint arXiv:2307.10214","author":"Siracusano Giuseppe","year":"2023","unstructured":"Giuseppe Siracusano, Davide Sanvitom, Roberto Gonz\u00e1lez, Manikantan Srinivasan, Sivakaman Kamatchi, Wataru Takahashi, Masaru Kawakita, Takahiro Kakumaru, and Roberto Bifulco. 2023. Time for aCTIon: Automated Analysis of Cyber Threat Intelligence in the Wild. arXiv preprint arXiv:2307.10214 (2023)."},{"key":"e_1_3_2_2_100_1","unstructured":"Dark Reading Staff. 2023. Russia's `Fancy Bear' APT Targets Ukrainian Energy Facility. https:\/\/www.darkreading.com\/cyberattacks-data-breaches\/russia-fancy-bear-apt-ukrainian-energy-facility."},{"key":"e_1_3_2_2_101_1","unstructured":"StrangerealIntel. 2023. EternalLiberty. https:\/\/github.com\/StrangerealIntel\/EternalLiberty."},{"key":"e_1_3_2_2_102_1","unstructured":"Tableau. 2024. Sankey. https:\/\/exchange.tableau.com\/products\/932."},{"key":"e_1_3_2_2_103_1","volume-title":"Carderbee: APT Group Use Legit Software in Supply Chain Attack Targeting Orgs in Hong Kong. https:\/\/www.security.com\/threat-intelligence\/carderbee-software-supply-chain-certificate-abuse.","author":"Team Threat Hunter","year":"2024","unstructured":"Threat Hunter Team. 2024. Carderbee: APT Group Use Legit Software in Supply Chain Attack Targeting Orgs in Hong Kong. https:\/\/www.security.com\/threat-intelligence\/carderbee-software-supply-chain-certificate-abuse."},{"key":"e_1_3_2_2_104_1","unstructured":"Check Point Software Technologies. 2022. Cloud Atlas Targets Entities in Russia and Belarus Amid the Ongoing War in Ukraine. https:\/\/research.checkpoint.com\/2022\/cloud-atlas-targets-entities-in-russia-and-belarus-amid-the-ongoing-war-in-ukraine\/."},{"key":"e_1_3_2_2_105_1","unstructured":"Tines. 2025. IoCParser. https:\/\/iocparser.com\/."},{"key":"e_1_3_2_2_106_1","unstructured":"Orlaith Traynor. 2024. Top Threat Actors on the Dark Web | 2023 Recap. https:\/\/cybelangel.com\/top-threat-actors-on-the-dark-web-recap\/."},{"key":"e_1_3_2_2_107_1","unstructured":"Jakob Truelsen and Ashish Kulkarni. 2022. wkhtmltopdf. https:\/\/wkhtmltopdf.org\/."},{"key":"e_1_3_2_2_108_1","volume-title":"Anirudh Khanna and Suryaprakash Nalluri","author":"Vaibhav Malik Nandan Sharma","year":"2024","unstructured":"Nandan Sharma Vaibhav Malik, Anirudh Khanna and Suryaprakash Nalluri. 2024. Advanced Persistent Threats (APTs): Detection Techniques and Mitigation Strategies. International Journal of Global Innovations and Solutions (2024)."},{"key":"e_1_3_2_2_109_1","unstructured":"Venafi. 2025. Venafi. https:\/\/venafi.com\/."},{"key":"e_1_3_2_2_110_1","unstructured":"Jai Vijayan. 2023. Russia's Sandworm APT Launches Swarm of Wiper Attacks in Ukraine. https:\/\/www.darkreading.com\/cyberattacks-data-breaches\/russia-sandworm-apt-swarm-wiper-attacks-ukraine."},{"key":"e_1_3_2_2_111_1","unstructured":"VirusTotal. 2022. YARA Documentation. https:\/\/yara.readthedocs.io\/en\/stable\/index.html."},{"key":"e_1_3_2_2_112_1","unstructured":"Vx-Underground. 2025. Vx-Underground. https:\/\/vx-underground.org\/."},{"key":"e_1_3_2_2_113_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00096"},{"key":"e_1_3_2_2_114_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2025.230822"},{"key":"e_1_3_2_2_115_1","volume-title":"Combating Advanced Persistent Threats: Challenges and Solutions","author":"Wang Yuntao","year":"2024","unstructured":"Yuntao Wang, Han Liu, Zhendong Li, Zhou Su, and Jiliang Li. 2024. Combating Advanced Persistent Threats: Challenges and Solutions. IEEE Network (2024)."},{"key":"e_1_3_2_2_116_1","unstructured":"Wikipedia. 2024. FIN7. https:\/\/en.wikipedia.org\/wiki\/FIN7."},{"key":"e_1_3_2_2_117_1","unstructured":"Wikipedia. 2025a. 2015 Ukraine Power Grid Hack. https:\/\/en.wikipedia.org\/wiki\/2015_Ukraine_power_grid_hack."},{"key":"e_1_3_2_2_118_1","unstructured":"Wikipedia. 2025b. COVID-19 Pandemic. https:\/\/en.wikipedia.org\/wiki\/COVID-19_pandemic."},{"key":"e_1_3_2_2_119_1","unstructured":"Wikipedia. 2025c. Cozy Bear. https:\/\/en.wikipedia.org\/wiki\/Cozy_Bear."},{"key":"e_1_3_2_2_120_1","unstructured":"Wikipedia. 2025d. Cyber Threat Intelligence. https:\/\/en.wikipedia.org\/wiki\/Cyber_threat_intelligence."},{"volume-title":"2025 e","key":"e_1_3_2_2_121_1","unstructured":"Wikipedia. 2025 e. Double Dragon (Hacking Group). https:\/\/en.wikipedia.org\/wiki\/Double_Dragon_(hacking_group)."},{"key":"e_1_3_2_2_122_1","unstructured":"Wikipedia. 2025 f. Fancy Bear. https:\/\/en.wikipedia.org\/wiki\/Fancy_Bear."},{"volume-title":"2025 g","key":"e_1_3_2_2_123_1","unstructured":"Wikipedia. 2025 g. Lazarus Group. https:\/\/en.wikipedia.org\/wiki\/Lazarus_Group."},{"key":"e_1_3_2_2_124_1","unstructured":"Wikipedia. 2025 h. Russo-Ukrainian War. https:\/\/en.wikipedia.org\/wiki\/Russo-Ukrainian_War."},{"volume-title":"2025 i","key":"e_1_3_2_2_125_1","unstructured":"Wikipedia. 2025 i. Sandworm (Hacker Group). https:\/\/en.wikipedia.org\/wiki\/Sandworm_(hacker_group)."},{"key":"e_1_3_2_2_126_1","unstructured":"Davey Winder. 2020. 'Elite Hackers' Thought Behind Cyber Attack on World Health Organization. https:\/\/www.forbes.com\/sites\/daveywinder\/2020\/03\/25\/hackers-target-world-health-organization-as-cyber-attacks-double-during-covid-19-pandemic\/."},{"key":"e_1_3_2_2_127_1","unstructured":"Jonathan Yerushalmy. 2024. China Cyber-Attacks Explained: Who Is Behind the Hacking Operation Against the US and UK? https:\/\/www.theguardian.com\/technology\/2024\/mar\/26\/china-cyber-attack-uk-us-explained-hack-apt-31."},{"key":"e_1_3_2_2_128_1","unstructured":"Zawya. 2024. Positive Technologies: Cyberattackers Targeting Telecommunications and the Military-Industrial Complex in the Middle East. https:\/\/www.zawya.com\/en\/press-release\/research-and-studies\/positive-technologies-cyberattackers-targeting-telecommunications-and-the-military-industrial-complex-in-the-middle-east-f1aazssc."}],"event":{"name":"CCS '25: ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Taipei Taiwan","acronym":"CCS '25"},"container-title":["Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3719027.3765085","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3719027.3765085","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,22]],"date-time":"2025-12-22T22:30:32Z","timestamp":1766442632000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3719027.3765085"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,19]]},"references-count":128,"alternative-id":["10.1145\/3719027.3765085","10.1145\/3719027"],"URL":"https:\/\/doi.org\/10.1145\/3719027.3765085","relation":{},"subject":[],"published":{"date-parts":[[2025,11,19]]},"assertion":[{"value":"2025-11-22","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}