What is an Advanced Persistent Threat (APT)? The definition may surprise you. APTs are adversaries that possess sophisticated levels of expertise and significant resources, which allow them to create opportunities to achieve their objectives by using multiple attack vectors (e.g., cyber, physical, and deception). These objectives typically include establishing and extending footholds within the information technology infrastructure of the targeted organizations for the purposes of exfiltrating information; undermining or impeding critical aspects of a mission, program, or organization; or positioning themselves to carry out these objectives in the future.
The advanced persistent threat: (i) pursues its objectives repeatedly over an extended period of time; (ii) adapts to defenders’ efforts to resist it; and (iii) is determined to maintain the level of interaction needed to execute its objectives. SOURCE: SP 800-39
Stuxnet - A sophisticated computer worm discovered in 2010 that targeted Iran’s nuclear program.
Cozy Bear (APT29) - A Russian-origin adversary that uses spear phishing campaigns to deliver malware.
APT38 - Linked to North Korea, APT38 is known for its financially motivated attacks, including the 2014 Sony Pictures hack.
Titan Rain - A series of coordinated attacks on American computer systems that began around 2003.
Ocean Buffalo - Targeted China’s Ministry of Emergency Management and the Wuhan provincial government during the COVID-19 pandemic.
APTs are stealthy and can be challenging to detect and defend against. Some common APT techniques include:
Exfiltration - Attackers gradually collect and transfer valuable data out of the network, keeping each transfer small enough to avoid volume-based alerts. They might use distraction events like DDoS attacks to draw attention away from the data theft.
Rootkits - Stealthy malicious programs that give APT attackers remote control over a target system. They are often introduced through email phishing.
Data capture and exfiltration - Attackers focus on capturing and exfiltrating sensitive data. They might encrypt the stolen data in transit so that its content cannot be inspected on the way out.
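The "gradual" exfiltration described above is what a single-transfer size alert misses, so a defender looks for the pattern over time instead. The following is an added example (not from the original text) that aggregates constructed outbound flow records per hour and flags a host/destination pair that keeps sending modest amounts across many hours; the log format, hostnames, addresses and thresholds are all assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample outbound flow records (not from any real network):
# timestamp  source_host  destination_ip  bytes_out
FLOW_LOG = """\
2024-03-01T00:05:00 ws-17 203.0.113.9 48000
2024-03-01T01:07:00 ws-17 203.0.113.9 51000
2024-03-01T02:04:00 ws-17 203.0.113.9 47000
2024-03-01T03:06:00 ws-17 203.0.113.9 50000
2024-03-01T04:05:00 ws-17 203.0.113.9 49000
2024-03-01T05:08:00 ws-17 203.0.113.9 52000
2024-03-01T06:05:00 ws-17 203.0.113.9 46000
2024-03-01T02:30:00 ws-04 198.51.100.20 9000000
2024-03-01T09:15:00 ws-09 203.0.113.9 12000
2024-03-01T10:15:00 ws-09 203.0.113.9 11000
"""

def parse_flows(text):
    """Parse whitespace-separated flow lines into (hour, host, dst, bytes)."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, dst, nbytes = line.split()
        hour = datetime.fromisoformat(ts).replace(minute=0, second=0)
        flows.append((hour, host, dst, int(nbytes)))
    return flows

def find_slow_exfil(flows, min_hours=6, per_hour_cap=100_000, min_total=250_000):
    """Flag (host, dst) pairs that send data in many distinct hours while every
    hour stays under the size a simple volume alert would trigger on.
    Returns {(host, dst): total_bytes} for pairs meeting all three conditions."""
    per_hour = defaultdict(lambda: defaultdict(int))
    for hour, host, dst, nbytes in flows:
        per_hour[(host, dst)][hour] += nbytes
    hits = {}
    for pair, hours in per_hour.items():
        total = sum(hours.values())
        if (len(hours) >= min_hours
                and all(b <= per_hour_cap for b in hours.values())
                and total >= min_total):
            hits[pair] = total
    return hits

if __name__ == "__main__":
    for (host, dst), total in find_slow_exfil(parse_flows(FLOW_LOG)).items():
        print(f"{host} -> {dst}: {total} bytes spread over many hours")
```

In the sample data only ws-17 is flagged: ws-04 sends far more but in one burst (a job for the volume alert, not this check), and ws-09 has too few active hours.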