One step ahead in cyber hide-and-seek: automating malicious infrastructure discovery with graph neural networks

Intel Name: One step ahead in cyber hide-and-seek: automating malicious infrastructure discovery with graph neural networks

Date of Scan: January 15, 2025

Impact: High

Summary:
When executing large-scale attacks, threat actors often leave traces by reusing, rotating, or sharing parts of their infrastructure during campaign automation. Defenders can exploit this behavior by pivoting on known indicators to identify newer infrastructure. This article highlights the advantages of automated pivoting, showcasing three case studies that uncover new indicators. Using a network crawler and graph neural network (GNN), we analyzed relationships among domains to detect additional malicious artifacts.
