Advanced Persistent Threat (APT) groups continue to be one of the most damaging threats facing the cyber landscape. Whilst many different detection and defence mechanisms have been used for protection, often the most effective method can be through our understanding of the landscape.

This case study follows my investigation into one of the most prolific ATP groups known as Trickbot, who are based in Russia. Within this research, I was able to uncover the fundamentals of Trickbot’s cybercrime operations through their leaked internal communications. This included their internal processes, management structures, and custom tooling. Using this, I will explore the key place that APT analysis holds within cybersecurity and how by gaining a deeper understanding of threat groups, a complete and effective defensive stance can be built"