Advanced persistent threat

An **Advanced Persistent Threat (APT)** is a sophisticated and targeted cyberattack orchestrated by highly skilled threat actors, such as nation-state actors, organized crime groups, or advanced hacker collectives. APT attacks typically involve a prolonged and stealthy infiltration of a target's network or systems, aiming to steal sensitive data, disrupt operations, or gain unauthorized access for espionage purposes. These attacks often employ advanced techniques, including zero-day exploits, social engineering, and custom malware, to evade detection by traditional security measures. APT actors are known for their persistence, adaptability, and ability to maintain long-term presence within compromised networks, making them particularly challenging for organizations to detect and mitigate. APT attacks pose significant risks to governments, enterprises, and critical infrastructure sectors, highlighting the importance of robust cybersecurity defenses and proactive threat intelligence efforts to defend against such threats. For more information, refer to https://www.fireeye.com/current-threats/apt-groups.html.

Snippet from Wikipedia: Advanced persistent threat

An advanced persistent threat (APT) is a stealthy threat actor, typically a state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state-sponsored groups conducting large-scale targeted intrusions for specific goals.

Such threat actors' motivations are typically political or economic. Every major business sector has recorded instances of cyberattacks by advanced actors with specific goals, whether to steal, spy, or disrupt. These targeted sectors include government, defense, financial services, legal services, industrial, telecoms, consumer goods and many more. Some groups utilize traditional espionage vectors, including social engineering, human intelligence and infiltration to gain access to a physical location to enable network attacks. The purpose of these attacks is to install custom malware.

APT attacks on mobile devices have also become a legitimate concern, since attackers are able to penetrate into cloud and mobile infrastructure to eavesdrop, steal, and tamper with data.

The median "dwell-time", the time an APT attack goes undetected, differs widely between regions. FireEye reported the mean dwell-time for 2018 in the Americas as 71 days, EMEA as 177 days, and APAC as 204 days. Such a long dwell-time allows attackers a significant amount of time to go through the attack cycle, propagate, and achieve their objectives.

advanced_persistent_threat.txt · Last modified: 2025/02/01 07:22 by 127.0.0.1
