AI-enhanced cybersecurity: Machine learning classification application for APT malware attribution

As technology becomes ever more integrated into daily tasks, the possibilities for conducting attacks against it increase as well. This gives rise to a number of challenges in the cybersecurity and technological fields. One such challenge is malware attribution, especially when it comes to determining the source and related threat actor of complex assaults. This article proposes a new machine learning-based method for Advanced Persistent Threat (APT) attribution that uses a dual-classifier system to predict the malware sample's nation of origin as well as the APT organization that is responsible for it. For the purpose of the research, the chosen dataset consists of roughly 3,500 tagged state-sponsored malware samples gathered from a variety of threat intelligence sources, containing information on malware hash values, malware family, connected country, etc. The model leverages static features extracted from the malware, including cryptographic hash values (MD5, SHA1, SHA256) and malware family labels, to build robust Random Forest classifiers. The choice of static analysis allows for efficient and scalable feature extraction, making the approach well-suited for large-scale datasets and real-time applications. The experimental results show an achievement for APT accuracy reaching 100% or very close to 100%, while the country accuracy was around 70%.