A method and apparatus for analyzing cyber threat intelligence data. The method includes: acquiring first and second CTI graphs including first and second CTI data, respectively, classified based on a first classification item; classifying the first CTI data and the second CTI data based on a second classification item determined depending on the first classification item; outputting a graph similarity of the first and second CTI graphs determined based on a first CTI similarity between the first and second CTI data when the first and second CTI data belong to the same classification as a result of the classification; setting the first CTI graph and the second CTI graph to be included in one group when the graph similarity is equal to or greater than a threshold value; and outputting CTI information including the first and second CTI data for each group.
展开▼