State-of-the-Art in Chinese APT Attack and Using Threat Intelligence for Detection. A Survey

Nachaat Mohamed

Abstract

This survey covers real Chinese Advanced Persistent Threat (APT) attack groups and scenarios. It provides a taxonomy of Chinese APT groups and attacks, together with the use of Threat Intelligence (TI) to detect and prevent those attacks. The paper presents the current knowledge on established and emerging APT groups that target governments and private enterprises. In addition, it presents the contributions, a performance comparison, and a critique of the detection methods in the current solutions. The study covers many attack groups funded by different Chinese governments to attack other governments around the world, taking into account that each group specializes in specific sectors: some attack the military, police, and intelligence departments; some attack the banking, commercial, and agricultural sectors; and some attack the information technology, health, arts, and nanotechnology sectors, among others. In this paper, we propose solutions at the first potential victim and at the network level to stop APT attacks. We recommend multi-layer protection over the first machine and the infrastructure to detect and prevent APT attacks. This paper uses Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) as its knowledge base. We recommend that researchers focus on ATT&CK and TI to develop solutions against APT attacks.
