# Notes

# CIO Company Address

## CIO Update

### Network Issues
    - Slowdowns
    - Webpages taking forever to load
    - Difficulty accessing services or complete downtime
    - Servers randomly crashing & rebooting without any clear explanation
    - Spike in network traffic & bandwidth
    - Infrastructure strain
    - Revenue loss
    - Potential client distrust & client loss

### Notes
    - Possible Denial of Service Attack
        - Competitor to steal business?
        - Nation State Actor?
            - Clients are private sector, government, infrastructure, transportation, and energy.
            - Possibly they want to disrupt critical services and cripple the economy.

# Introduction to Advanced Persistent Threats

Email from John Carter to Fellow IT Team

Potential Cyber Threat Actors responsible for the attack impacting Nexora Dynamics

APT - Sophisticated cyber attackers that operate globally, each with their own targets, tools, and motivations

Four Groups:
    APT 33 - Elfin
        Originating from Iran
        Focuses on sectors like energy, aerospace, petrochemicals, and manufacturing
        Main motivation is espionage and disruption of critical infrastructure, with particular interest in the Middle East and the Western world
        Attack Vectors:
            Spear Phishing
                (Highly targeted emails that exploit vulnerabilities in attachments or links, putting malware directly on the victims' systems.) PowerShell-based malware to enable persistent backdoors into victims' systems.
            Credential Harvesting and Lateral Movement
                Once inside, use tools to steal credentials and move laterally. Known to deploy destructive wiper malware
    APT 28 - Fancy Bear
        Russia Based Group
        Targeting government entities, political organizations, media outlets, and defense contractors
        Attack Vectors:
            Spear Phishing
            Credential Theft
                Use social engineering to steal credentials to high profile accounts
            Toolkit of sophisticated malware 
                Espionage, Remote Access,
            C2 Infrastructure
            Politically Motivated   
    APT 34 - OilRig
        Iran Linked group
        Targets financial Sector, telecommunications, government agencies, and energy firms
            Emphasis on middle eastern companies, and their allies. 
        Attack Vectors:
            Phishing 
                Use social engineering tactics to compromise networks 
            Credential Harvesting
                Gather user credentials
            Web-based Exploits and VPN Attacks
                Exploit vulnerabilities in web applications and VPNs to gain access to internal systems.
                Allows them to remain hidden while they gather intelligence
            Custom Backdoors and Scanning Tools
                Used to maintain access 
                Also known for their lateral movement capabilities 
                Find high value targets 
            Espionage, surveillance, long-term footholds in the network
    APT 29 - Cozy Bear
        Russian Linked Group
        Known for its stealthy focus on government agencies, diplomatic institutions, and think tanks
        High-profile espionage campaigns aimed at gathering intelligence from Western targets
        Attack Vectors:
            Sophisticated Spear Phishing
                Deploy advanced malware through attachments or cloud services
            Supply Chain Attacks
                Infiltrate third-party vendors to reach their targets
            Custom malware and advanced persistence
                Evade detection and maintain long-term access
            Living Off the Land Techniques
                Cloud services and legitimate software to blend in with network traffic
                Difficult to detect their activities

# Equipment

Key infrastructure impacted; integral to both internal operations and external system delivery

Web Server | public-facing application
    Substantial delays in response times and service availability due to abnormal traffic volumes
    Increased page load times and intermittent unavailability
Database Server | processing and storing critical business data
    Resource exhaustion
    CPU and memory usage spiked significantly during the period of disruption, leading to crashes and data retrieval issues
Load Balancer
    Unable to handle the sudden increase in incoming requests
    System struggled to maintain an even distribution, causing some servers to become overwhelmed while others remained underutilized
Firewall
    Has been under heavy strain due to the high volume of incoming connection attempts
    Many were flagged as suspicious
    Processing and inspection processes caused bottlenecks
        Further contributing to system slowdowns
Router
    Handling a significant amount of unexpected traffic
    Resulted in packet loss and increased latency
    Disrupted data flow and contributed to network instability
Switch
    Experienced congestion due to excessive traffic between devices
    Delays in internal communications and degraded performance of critical internal applications
Content Delivery Network (CDN)
    Responsible for distributing content to users; has experienced significant delays in delivering services to clients
    Unusually high traffic volumes have overburdened the CDN's capacity, causing delays and occasional timeouts in content delivery
DNS Server
    Heavily targeted, leading to disruptions in resolving domain names to IP addresses
    Caused widespread connectivity issues for both internal and external users
Email Server
    Significant backlog of emails and delays in delivery due to network congestion
    Impacted internal communication and delayed responses to external queries
VPN Gateway
    Responsible for managing secure remote connections; has been intermittently inaccessible
    Influx of connection attempts overloaded the gateway, affecting access for employees and partners

# Interviews

## Sarah

### About
    - Employee
    - Describes challenges she has recently faced with the Nexora network and web server.
#### Notes
    - Network Slow
    - Affects productivity
    - Tasks such as sending an email or accessing files take longer than they should
    - Webserver was working one day and then stopped the next
        - No one could access it
    - Lots of disruption
    - Access to Workday & benefits is inconsistent and sometimes does not load
## John Carter

### About
    - Employee | Junior Network Engineer
    - Update on his observations regarding the network issues
    - Started 1 Week ago

#### Notes
    - Noticable slowdown on network
    - webpages taking much longer to load than usual
    - Users reported difficulty accessing services
        - Few cases of "service unavailable" errors
    - Sudden spike of traffic from a range of IP Addresses that do not typically interact with the network
    - Bandwidth usage unusually high
        - No increase in legitimate user activity
    - Possibility of more downtime & performance issues

##### Observations
    - Increased network traffic
    - Slow and unresponsive web traffic and devices
    - Productivity lowered
        - Denial of service by increasing network traffic to the point of unusability
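The symptom John Carter describes, a sudden spike in requests from IP addresses that do not normally interact with the network, is something a defender can check for directly in the web server's access log. The script below is an added example, not part of the original notes or of any Nexora Dynamics tooling: it parses common-log-format lines, compares each source address against a baseline of known client networks, and flags a window as a volumetric spike from unfamiliar sources when the request count exceeds a multiple of the usual rate and most of it comes from unknown addresses. The log lines, the known-client networks (10.0.0.0/16 and 192.0.2.0/24), the baseline rate and the thresholds are all constructed for the example.

```python
"""
Added example (not from the original notes): detect a request spike that is
dominated by source IPs outside the normal client population.
All log lines, networks and thresholds below are constructed sample values.
"""
from collections import Counter
import ipaddress
import re

# Common log format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Hypothetical baseline: networks this web server normally serves.
KNOWN_CLIENT_NETS = [
    ipaddress.ip_network("10.0.0.0/16"),   # internal users (constructed)
    ipaddress.ip_network("192.0.2.0/24"),  # a partner range (constructed)
]


def make_line(ip, path, status="200"):
    """Build one constructed access-log line for the sample window."""
    return f'{ip} - - [10/Mar/2025:09:00:00 +0000] "GET {path} HTTP/1.1" {status} 512'


# Constructed one-minute window: normal activity from known clients ...
NORMAL_LINES = (
    [make_line(f"10.0.1.{i}", "/index.html") for i in range(1, 11)]
    + [make_line("192.0.2.7", "/benefits") for _ in range(5)]
)
# ... plus a burst of 200 requests from twenty never-before-seen addresses,
# most of which the overloaded server answers with 503.
BURST_LINES = [
    make_line(f"203.0.113.{i}", "/", "503") for i in range(1, 21) for _ in range(10)
]
NORMAL_LOG = "\n".join(NORMAL_LINES) + "\n"
SAMPLE_LOG = "\n".join(NORMAL_LINES + BURST_LINES) + "\n"


def parse_log(text):
    """Yield (source_ip, status_code) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.group("ip"), int(m.group("status"))


def is_known(ip):
    """True if the address falls inside one of the baseline client networks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # malformed address field: treat as unknown
        return False
    return any(addr in net for net in KNOWN_CLIENT_NETS)


def analyze(text, baseline_rate, ratio_threshold=3.0, unknown_share_threshold=0.5):
    """
    Summarise one log window against a baseline request rate (constructed value).

    A window is flagged as a spike from unfamiliar sources when the total request
    count is at least ratio_threshold times the baseline AND at least
    unknown_share_threshold of the requests come from addresses outside the
    known client networks. Both thresholds are illustrative, not tuned values.
    """
    per_ip = Counter()
    server_errors = 0
    for ip, status in parse_log(text):
        per_ip[ip] += 1
        if status >= 500:
            server_errors += 1
    total = sum(per_ip.values())
    unknown = Counter({ip: n for ip, n in per_ip.items() if not is_known(ip)})
    unknown_requests = sum(unknown.values())
    unknown_share = unknown_requests / total if total else 0.0
    spike = (
        total >= ratio_threshold * baseline_rate
        and unknown_share >= unknown_share_threshold
    )
    return {
        "total": total,
        "unknown_requests": unknown_requests,
        "unknown_share": unknown_share,
        "server_errors": server_errors,
        "top_unknown": unknown.most_common(3),
        "spike": spike,
    }


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG, baseline_rate=20)
    print(f"total={report['total']} unknown_share={report['unknown_share']:.2f} "
          f"5xx={report['server_errors']} spike={report['spike']}")
    for ip, n in report["top_unknown"]:
        print(f"  {ip}: {n} requests")
```

The useful output for an incident like this one is not just the yes/no flag but the list of top unfamiliar talkers and the share of 5xx responses, which is what the firewall and load balancer teams would need to decide on rate limiting or upstream filtering. In a real deployment the known-client baseline would come from historical logs rather than a hard-coded list.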