To search, Click below search items.


All Published Papers Search Service


Characterizing Combatants of State-Sponsored APT in Digital Warfare by Reported Blocklist Database


Ruo Ando and Hiroshi Itoh


Vol. 22  No. 3  pp. 541-546


Recently, the activity of the APT group has become organized and international. Unfortunately, the combatants in digital warfare are hybrid, and the distinction between types of combatants is hard to determine. In this paper, we present a new method for characterizing the combatants in state-sponsored APT by using the reported blocklist database. In the characterization, we use two open-source indicators of Grizzly Steppe and Hidden Cobra. We have obtained information from the reported blocklist database with the list of 877 and 633 IP addresses and analyzed the list of extracted country codes and IP address usage types. It turned out that two activities of APT can be well characterized by the distribution of countries and usage type.


Digital warfare, APT, Grizzly Steppe, Hidden Cobra, reported blocklist database.