Weak Link in the Supply Chain

Do you know how to protect your trade secrets from the Russian attackers known as Cozy Bear or APT29? Learn to detect signs of advanced persistent threats along your whole supply chain and defend your network from attacks like the SolarWinds compromise.

Actors
APT29
Associated Groups
G0016
Share
NEED TO TRAIN YOUR TEAM? LEARN MORE
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Campaign Outline

Threat Actor Campaigns are comprised of multiple MITRE ATT&CK aligned courses. Click on a course below to learn more.

Overview

Threat actors use the technique Compromise Software Supply Chain by altering software that they know their victims will use. They include a backdoor that will give them access to their victim's network once the software is installed. You will detect this technique in a virtual lab and master how to mitigate this threat.

Overview

Threat actors use the techniques Unsecured Credentials and Domain Accounts to obtain credential access and gain persistence. In this emulation of how the threat group APT29 would use these techniques, you will get hands-on practice detecting this activity so you can protect your organization from highly sophisticated advanced persistent threats.

Overview

Sophisticated threat actors like APT29 will use the techniques Disable Windows Event Logging and Timestomp for defense evasion to prevent defenders from seeing their presence on the network. You will detect this nefarious activity in our virtual lab so you can react to advanced attackers and outsmart them.

Overview

In order to achieve lateral movement, threat actors will use a valid account to access remote systems, such as the Windows Remote Management service. In this way, the threat actor can move around the network and search for valuable information or greater access. Learn more and get hands-on with this technique by detecting it in our virtual lab.

Overview

Threat actors like APT29 use Application Layer Protocols for Command and Control (C2) so they can blend in and avoid detection. They also may attempt to steal data and exfiltrate it to a cloud storage service as the end-goal of their attack. In this course, you will learn about these techniques and get practice detecting them in our virtual lab.