Advanced Persistent Threats (APTs)

February 8, 2018


What Is An Advanced Persistent Threat (APT)?

What is an Advanced Persistent Threat (APT)? The definition may surprise you. APTs are adversaries that possess sophisticated levels of expertise and significant resources, which allow them to create opportunities to achieve their objectives by using multiple attack vectors (e.g., cyber, physical and deception). These objectives typically include establishing and extending footholds within the information technology infrastructure of the targeted organizations for the purposes of exfiltrating information; undermining or impeding critical aspects of a mission, program, or organization; or positioning themselves to carry out these objectives in the future.

The advanced persistent threat: (i) pursues its objectives repeatedly over an extended period of time; (ii) adapts to defenders’ efforts to resist it; and (iii) is determined to maintain the level of interaction needed to execute its objectives.
SOURCE: SP 800-39

Advanced Persistent Threat cybersecurity best practices

Here are some examples of advanced persistent threats (APTs):
Stuxnet - A sophisticated computer worm discovered in 2010 that targeted Iran's nuclear program
Cozy Bear (APT29) - A Russian-origin adversary that uses spear phishing campaigns to deliver malware
APT38 - Linked to North Korea, APT38 is known for its financially motivated attacks, including the 2014 Sony Pictures hack
Titan Rain - A series of coordinated attacks on American computer systems that began around 2003
Ocean Buffalo - Targeted China's Ministry of Emergency Management and the Wuhan provincial government during the COVID-19 pandemic
APTs are stealthy and can be challenging to detect and defend against. Some common APT techniques include:
Exfiltration - Attackers gradually collect and transfer valuable data out of the network. They might use distraction events such as DDoS attacks to draw attention away from the data theft.
Rootkits - Stealthy malicious programs that give APT attackers remote control over a target system. They are often introduced through email phishing.
Data capture and exfiltration - Attackers focus on capturing and exfiltrating sensitive data. They might use encryption algorithms to mask their activities.
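The exfiltration technique described above, "gradually" moving data out so that no single transfer looks alarming, is exactly what a volume-only alert misses. The script below is an added example written for this page, not code from the original article or from any vendor; it reads a handful of constructed web-proxy log lines (the line format, host names, IP addresses and all thresholds are assumptions made for the example) and contrasts a simple burst detector with a "low-and-slow" detector that aggregates uploads per source/destination pair per day and flags pairs that stay under the daily limit yet keep sending on many days and accumulate a large total.

```python
"""Low-and-slow egress detector (added example, not from the original page).

Each constructed proxy log line has the form
    <ISO 8601 timestamp> <source IP> <destination host> <HTTP method> <bytes sent>
All thresholds, hosts and addresses below are assumptions for the example.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (not real traffic). 10.0.3.17 makes one large
# upload to a sanctioned file service and six small nightly uploads to an
# unfamiliar host; 10.0.5.2 shows ordinary intermittent mail traffic.
SAMPLE_LOG = """\
2018-02-01T09:12:44Z 10.0.3.17 files.example-cloud.test PUT 48000000
2018-02-01T22:03:10Z 10.0.3.17 drop.unknown-cdn.test POST 900000
2018-02-02T22:05:51Z 10.0.3.17 drop.unknown-cdn.test POST 850000
2018-02-03T22:01:07Z 10.0.3.17 drop.unknown-cdn.test POST 910000
2018-02-04T22:04:33Z 10.0.3.17 drop.unknown-cdn.test POST 880000
2018-02-05T22:02:19Z 10.0.3.17 drop.unknown-cdn.test POST 930000
2018-02-06T22:06:48Z 10.0.3.17 drop.unknown-cdn.test POST 870000
2018-02-01T10:15:00Z 10.0.5.2 mail.example-corp.test POST 300000
2018-02-03T11:20:00Z 10.0.5.2 mail.example-corp.test POST 250000
2018-02-05T09:45:00Z 10.0.5.2 mail.example-corp.test POST 280000
"""

UPLOAD_METHODS = ("POST", "PUT")


def parse_proxy_log(text):
    """Parse log lines into dicts; the calendar day is kept for aggregation."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, method, sent = line.split()
        records.append({
            "day": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").date(),
            "src": src, "dst": dst, "method": method, "bytes": int(sent),
        })
    return records


def daily_egress(records):
    """Map (src, dst) -> {day: total upload bytes} over upload methods only."""
    totals = defaultdict(lambda: defaultdict(int))
    for r in records:
        if r["method"] in UPLOAD_METHODS:
            totals[(r["src"], r["dst"])][r["day"]] += r["bytes"]
    return totals


def find_burst_uploads(records, burst_bytes=20_000_000):
    """Naive detector: any single upload above burst_bytes (assumed limit)."""
    return [
        {"src": r["src"], "dst": r["dst"], "bytes": r["bytes"], "day": r["day"].isoformat()}
        for r in records
        if r["method"] in UPLOAD_METHODS and r["bytes"] > burst_bytes
    ]


def find_low_and_slow(records, daily_cap=2_000_000, min_days=5, total_min=4_000_000):
    """Flag pairs whose every day stays under daily_cap (so the burst detector
    never fires) but that upload on at least min_days distinct days and exceed
    total_min bytes overall. Thresholds are assumptions for the example."""
    findings = []
    for (src, dst), per_day in daily_egress(records).items():
        days = sorted(per_day)
        if len(days) < min_days or max(per_day.values()) > daily_cap:
            continue
        total = sum(per_day.values())
        if total < total_min:
            continue
        findings.append({
            "src": src, "dst": dst, "days": len(days), "total_bytes": total,
            "first": days[0].isoformat(), "last": days[-1].isoformat(),
        })
    return findings


if __name__ == "__main__":
    recs = parse_proxy_log(SAMPLE_LOG)
    print("burst uploads:", find_burst_uploads(recs))
    print("low-and-slow pairs:", find_low_and_slow(recs))
```

On the constructed sample the burst detector reports only the single 48 MB upload, while the low-and-slow detector reports the six nightly uploads to drop.unknown-cdn.test (about 5.3 MB in total, none of them large enough to trip a per-transfer limit) and ignores the three small mail posts because they span too few days and too little volume. In production the same aggregation would run over a real proxy or NetFlow feed with thresholds derived from each host's own baseline rather than the fixed values used here.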