SY Shakhzod Yuldoshkhujaev
// Research Output

Publications

Work spanning APT analysis, messaging-platform forensics, malware analysis, and AI-assisted security research.

ACM CCS · Oct 2025 · First author

A Decade-long Landscape of Advanced Persistent Threats: Longitudinal Analysis and Global Trends

ACM Conference on Computer and Communications Security (CCS), 2025. Distinguished Paper Award.

Selected Award Security
PDF DOI ArXiv WEB
▶ Abstract

An advanced persistent threat (APT) refers to a covert and long-term cyberattack, typically conducted by state-sponsored actors, targeting critical sectors and often remaining undetected for long periods. In response, collective intelligence from around the globe collaborates to identify and trace surreptitious activities, generating substantial documentation on APT campaigns publicly available on the web. While a multitude of prior works predominantly focus on specific aspects of APT cases, such as detection, evaluation, cyber threat intelligence, and dataset creation, limited attention has been devoted to revisiting and investigating these scattered dossiers in a longitudinal manner.
The objective of our study lies in filling the gap by offering a macro perspective, connecting key insights and global trends in the past APT attacks. We systematically analyze six reliable sources--- three focused on technical reports and another three on threat actors--- examining 1,509 APT dossiers (i.e., totaling 24,215 pages) spanning from 2014 to 2023 (a decade), and identifying 603 unique APT groups in the world. To efficiently unearth relevant information, we employ a hybrid methodology that combines rule-based information retrieval with large-language-model-based search techniques. Our longitudinal analysis reveals shifts in threat actor activities, global attack vectors, changes in targeted sectors, and the relationships between cyberattacks and significant events, such as elections or wars, which provides insights into historical patterns in APT evolution. Over the past decade, 154 countries have been affected, primarily using malicious documents and spear phishing as the dominant initial infiltration vectors, and a noticeable decline in zero-day exploitation since 2016. Furthermore, we present our findings through interactive visualization tools, such as an APT map or a flow diagram, to facilitate intuitive understanding of the global patterns and trends in APT activities.

JKIISC · Dec 2025 · Co-author

Online Messenger Forensics Across Platforms: A Systematic Comparative Study

Journal of the Korea Institute of Information Security & Cryptology, 2025.

Journal Forensics
PDF DOI
▶ Abstract

Instant messengers have become essential communication tools, widely used across varying platforms. The digital traces from user activities provide critical evidence for forensic investigations. However, differences in operating systems, storage architectures, and encryption techniques lead to variations in how data is preserved and what information can be collected from each messenger, which requires forensic investigation strategies tailored to each service. This study systematically compares 15 major messengers by examining storage locations, security mechanisms, artifact types, forensic tools, and data collection procedures. It analyzes the location and characteristics of artifacts based on platform environments, evaluating how combinations of tools and collection methods affect the scope of data recovery. By categorizing service-specific approaches and identifying technical constraints, we establish a forensic workflow adaptable to different platform environments. These findings necessitate standardized forensic procedures and the development of automated tools. Ultimately, we aim to design versatile analysis strategies applicable across a wide range of platforms and operational conditions.

CISC-W · Nov 2025 · First author

Evolving Attack Tactics against Messaging Applications

Information Security and Cryptography Winter (CISC-W), 2025.

Conference Messaging security
PDF
▶ Abstract

The adoption of End-to-End Encryption (E2EE) in messengers such as Signal, WhatsApp, and Telegram has reshaped the security landscape of digital communication. While cryptographic primitives like the Signal Protocol provide strong confidentiality and forward secrecy, real-world vulnerabilities arise from how these primitives are composed, implemented, and deployed. This survey reviews academic research on attacks against secure messaging systems across five areas: protocol pitfalls, implementation errors and insecure deployment, metadata exposure, phishing threats, and ecosystem and supply-chain risks. The collected studies show that weaknesses originate less from cryptography itself than from its integration into complex systems and user environments. Tracing these works reveals four consistent trends: a shift from primitives to composite protocols, from content to metadata, from implementation / deployment to human factors, and from an application to the ecosystem. We suggest future work toward reliable session and group management, practical metadata-leakage mitigations, safer in-app user defenses, and stronger distribution integrity to secure messaging applications against evolving attacks.

CISC-S · Jun 2025 · Co-author

Investigating the Acquisition and Analysis of Digital Artifacts for Messaging Applications

Information Security and Cryptography Summer (CISC-S), 2025.

Conference Digital artifacts
PDF
▶ Abstract

메신저 서비스는 다양한 플랫폼에서 활용되며, 사용자 행위에 따라 생성되는 디지털 흔적은 디지털 포렌식 분석에서 핵심적인 단서를 제공한다. 메신저 포렌식은 운영 체제, 저장 구조, 암 호화 기법의 차이로 인해 데이터 보존 방식과 수집 가능 정보가 달라지고, 분석 전략 또한 서비 스마다 상이하다. 본 연구는 주요 메신저 10종을 대상으로 저장 위치, 보안 구조, 아티팩트 유 형, 분석 도구, 수집 절차를 체계적으로 정리하고 비교한다. 플랫폼 환경에 따라 아티팩트의 위 치와 특성을 분석하고, 도구와 수집 방식의 조합이 복구 범위에 미치는 영향을 파악한다. 서비 스별 분석 접근 방식을 분류하고 기술적 제약 요인을 식별함으로써, 환경별 분석 흐름을 구조화 한다. 그 결과, 메신저 포렌식에서 일관된 절차 정립과 자동화 도구 설계가 필요한 지점을 도출 하며, 다양한 플랫폼과 조건에 적용 가능한 분석 전략 수립의 기반을 제시한다.

CISC-W · Nov 2024 · First author

Advanced Persistent Threats: Addressed and Open Research Questions

Information Security and Cryptography Winter (CISC-W), 2024.

Conference APT analysis
PDF
▶ Abstract

Advanced Persistent Threats (APTs) refer to sophisticated, long-term cyberattacks often carried out by state-sponsored actors targeting critical sectors and remaining undetected for extended periods. These attacks pose significant threats to national security and economic stability through espionage and sabotage. This paper surveys the current landscape of APT research, focusing on developments in detection methods, adversarial strategies, and cyber threat intelligence (CTI). Despite these advancements, unresolved challenges persist in areas such as APT tracking, zero-day vulnerability exploitation, and defense mechanisms for cloud and IoT systems. By highlighting both resolved and open research questions, this study aims to support ongoing efforts to enhance APT defense strategies and shape future research directions.