Focusing on the Weakest Link: A Similarity Analysis on Phishing Campaigns Based on the ATT&CK Matrix

Youngsup Shin, Kyoungmin Kim, Jemin Justin Lee, Kyungho Lee

Research output: Contribution to journalArticlepeer-review

5 Citations (Scopus)


In the past, phishing techniques were a common means of attack carried out by individuals or small groups via spam mail on a randomly selected target. However, in recent years, phishing techniques have been adopted by advanced persistent threat (APT) groups to attack organizations such as the Sony Pictures Enterprise and Korea Hydro & Nuclear Power. As such, our study aims to analyze the past campaigns conducted by the APT groups. We aim to propose a countermeasure that corresponds to the phishing campaign by collecting datasets pertaining to the phishing techniques. Based on our past study, we collected private and public data from 16 different cases that utilize a phishing attack. Our research adopted MITRE's ATT & CK framework and tactic, techniques, and procedures (TTPs) to extract and examine the various campaigns. The framework proposed in this study makes considerable contributions to both the private and public sectors, as the framework aids the organizations in counteracting the malicious threats performed by the APT groups.

Original languageEnglish
Article number1699657
JournalSecurity and Communication Networks
Publication statusPublished - 2022

Bibliographical note

Publisher Copyright:
© 2022 Youngsup Shin et al.

ASJC Scopus subject areas

  • Information Systems
  • Computer Networks and Communications


Dive into the research topics of 'Focusing on the Weakest Link: A Similarity Analysis on Phishing Campaigns Based on the ATT&CK Matrix'. Together they form a unique fingerprint.

Cite this