Network Sniffing involves capturing, decoding, inspecting and interpreting the information inside a network packet on a TCP/IP network. The purpose is to steal information, usually user IDs, passwords, network details, credit card numbers, etc. Sniffing is generally referred to as a “passive” type of attack, wherein the attackers can be silent/invisible on the network. This makes it difficult to detect, and hence it is a dangerous type of attack.

Malware/Threat actors

Name	Type	Years	Source
Operation Cleaver	threat actor	2012-2013	Cylance_Operation_Cleaver_Report.pdf stamp.jsp?tp=&arnumber=7460498&tag=1
Regin	malware	2008-2013	regin-analysis.pdf Kaspersky_Lab_whitepaper_Regin_platform_eng.pdf ICIT-Brief-Know-Your-Enemies-2.0.pdf stamp.jsp?tp=&arnumber=7460498&tag=1
Epic Turla	threat actor	< Known years active >	The_Epic_Turla_Operation.pdf KL_Epic_Turla_Technical_Appendix_20140806.pdf ICIT-Brief-Know-Your-Enemies-2.0.pdf Turla_2_Penquin.pdf
APT32	threat actor	2014-2017	SpyRATsofOceanLotusMalwareWhitePaper.pdf oceanlotus-ships-new-backdoor oceanlotus-blossoms-mass-digital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society
APT39	threat actor	2014-2019	iran-based-attackers-use-back-door-threats-spy-middle-eastern-targets
BlackEnergy	malware	2015	ukraine-report-when-the-lights-went-out.pdf Operation-Potao-Express_final_v2.pdf blackenergy_whitepaper.pdf
Threat Group 3390	threat actor	2010-2018	threat-group-3390-targets-organizations-for-cyberespionage bronze-union 86083

Preventions

<Mitigation techniques>

Detections

<Detection techniques>

Toolkit

<Toolkit instructions, if applicable>

Similar techniques

• Service enumeration
• Port scanning

References

• Cyber Security Attacks Network Sniffing