State-Sponsored Cyber Attacks: Monitoring and Engaging Skilled Threat Actors

Title of the Talk: State-Sponsored Cyber Attacks: Monitoring and Engaging Skilled Threat Actors
Speaker: Dr. Venkata Sai Charan Putrevu
Host Faculty: Saurabh Kumar
Date: Aug 04, 2025
Time: 02:30 pm
Venue: CS-LH2

Abstract: APT (Advanced Persistent Threat) is a class of cyber threat that is often realized through advanced tactics, techniques and procedures (TTPs) by highly resourced cyber-attack groups, eponymously named APT groups. These APT groups work with specific objectives such as espionage, data theft, disruption, or destruction of critical systems. Their usual modus operandi is to infiltrate a target organization’s network and remain undetected there for an extended period, waiting for commands from command-and-control servers handled by the APT group operators. APT groups are usually state-sponsored or highly organized and resourceful cybercriminal groups, making identification and attribution of persistent threats inside an organization extremely challenging even for seasoned security experts. The evolution of the TTPs used by APT groups also makes it very difficult to attribute persistent threats once they are detected through forensic methods. There is a rapid rise in target-specific cyber-attacks worldwide due to the proliferation of state-sponsored APT groups. In 2021, the Red Echo group, attributed to China by the threat intelligence company ‘Recorded Future’, was found to be lurking in several Indian port and power grid infrastructures. Further incidents have been uncovered since then, and they have necessitated research on the discovery, tracking, and eviction of persistent threats from Indian critical infrastructure. These attacks target sensitive sectors such as government, defense, and critical infrastructure, with significant economic and national security implications. Although traditional and hybrid methods for detecting APTs are available, they are becoming less effective against the robust new generation of stealthy and persistent malware and advanced evasion techniques.

Given the virulence of these APT groups in Indian cyberspace, this talk focuses on mechanisms for collecting organization-specific threat intelligence, designing and orchestrating tailored deception strategies through strategically positioned attack paths to lure APT threat actors, and developing camouflaged applications for intelligence gathering. Collectively, this talk highlights ongoing efforts in combating APTs and enhancing the effectiveness and credibility of monitoring, detection, and attribution mechanisms.

Bio: Venkata Sai Charan Putrevu is a Postdoctoral Scholar in the Department of Electrical and Computer Engineering at New York University, hosted by Prof. Ramesh Karri. He earned his Ph.D. in the Department of Computer Science and Engineering at IIT Kanpur, where he was advised by Prof. Sandeep Kumar Shukla. During his doctoral tenure, he was a Prime Minister’s Research Fellow and a C3i Research Fellow at IIT Kanpur.

His research intersects Computer Security, Malware Analysis, and Software Engineering, with a specific emphasis on addressing contemporary cybersecurity challenges, including Advanced Persistent Threats (APTs) and their attribution, as well as the early detection and containment of Crypto Ransomware.

Prior to joining IIT Kanpur, he worked as a Software Developer at CISCO Systems (Bangalore), focusing on Layer 2 (L2) and Layer 3 (L3) network protocols. He also served as a Research Intern at DELL-RSA, the cybersecurity division of Dell, where he contributed to solutions related to Intrusion Detection and Prevention Systems (IDPS).