Cyber Threat Intelligence

Racing the Patch: N-day Exploitation Patterns in Nation-State Cyber Operations (2024-2025)

Abstract:

Conventional narratives position zero-day exploits as the hallmark of Advanced Persistent Threat (APT) sophistication, shaping defensive resource allocation toward exotic threat detection. This study challenges that assumption through empirical analysis of 60 verified APT campaigns (January 2024-July 2025). Social engineering dominates initial access at 40%, while zero-day exploitation accounts for only 8.3%. N-day vulnerabilities exceed zero-days at 13.3%, suggesting time-to-patch matters more than exploit novelty. Dwell-time analysis reveals a detection paradox: living-off-the-land techniques persist longest (156 days), while zero-days are detected fastest (42 days). Defenders should prioritise identity-centric controls and accelerated patch-window closure over zero-day detection capabilities.

Four Foreign Forces: A CTI Analysis of APTs Targeting the U.S.

Abstract:

This paper analyzes the cyber threat landscape posed by advanced persistent threats (APTs) attributed to China, Iran, North Korea, and Russia. It focuses on active groups and their cyber activities targeting the United States. Utilizing cyber threat intelligence data from authoritative sources such as the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), Mandiant, and MITRE, this study identifies twelve key APT groups attributed to the four adversarial nations and creates a quick profile for each nation and group. It explores the common techniques and sub-techniques employed by each nation and then across all four nations. Examination of these nations, groups, and techniques then informs a list of six actionable mitigations that will enhance cybersecurity defenses targeting these adversarial groups in an efficient manner: User Training, Restrict Web-Based Content, Privileged Account Management, Network Intrusion Prevention, Execution Prevention, and Antivirus/Antimalware.

Critical Roles of Information, Analysis, Research, and Operations in the Cyber Realm

Abstract:

PNNL developed an Adaptive Cyber Integration Framework (ACIF) in a pilot program to facilitate the timely sharing of cyber threat information along with the advancement of situational awareness tools to enhance protection against and respond to critical infrastructure cybersecurity threats. ACIF comprises components implemented iteratively to achieve research and mission goals. The ACIF components include data-generation technologies, analytic-tools development and maturation, data enrichment and fusion, trust building with stakeholders, investigative research, analytic rigor, production, and dissemination. Each component, its importance to the ACIF, and how each can be adopted and applied across other information-sharing sectors and domains are discussed as a case study in this paper.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.



Get in touch

Registered Agent and Mailing Address

  • Journal of Information Warfare
  •  ArmisteadTEC
  • Dr Leigh Armistead, President
  • 1624 Wakefield Drive
  • Virginia Beach, VA 23455

 757.510.4574

 JIW@ArmisteadTec.com