An APT, or Advanced Persistent Threat, is a continuous, stealthy and sophisticated process of hacking a particular target until a defined objective is achieved. Here we’ll explore in more detail what an APT is and define its targets, methods and motivations. After dozens of questions from our customers, we put together this write-up to explain the basics of APTs.
An APT involves an advanced adversary with expert-level knowledge. The APT adversary uses that expertise to employ advanced methods against you, its target. This means that both the adversaries and their methods go well beyond what you might expect of the run-of-the-mill ‘hacker’. This adversary isn’t a script kiddie living in her/his parents’ basement, but a formidable foe. These malicious actors are highly skilled individuals, organizations or nation-states. APTs bring to bear expert-level skills, resources and expertise. These malicious actors are often a nation-state, foreign government or even a cybercriminal collective. APT actors employ a variety of advanced methods that allow them to be successful over a longer engagement with you, their target.
These attacks differ from many other types of cyber threats in that they don’t aim to quickly exploit, exfiltrate and profit from cybercriminal activities. An APT is not grab-and-go data theft or exfiltration. Instead, these advanced adversaries attempt to gather what they seek in a slow, methodical way while maintaining an undetected presence in your environment. They will remain active in the pursuit of their goals via sustained campaigns, using any means necessary to achieve them. This skilled and determined adversary will persist until their goals are achieved.
As we have explored earlier, APT methods are as advanced and varied as the adversaries themselves. These cybercriminals will employ a variety of methods to establish a foothold in your IT infrastructure. This could involve sending a carefully crafted phishing email that appears to come from a company you do business with or a social network you might use. Thinking this is a legitimate email, you might click on the link and be unknowingly redirected to a malicious site set up by the hacker that could capture your passwords, install malware or otherwise collect sensitive information. They might call, pretexting as a partner or vendor, and social engineer a member of your staff to obtain passwords, remotely connect to a user’s machine or simply harvest information. Methods can be as varied as social engineering, custom malware and zero-day exploits. APTs will use a myriad of techniques and technologies to obtain their desired end.
The objectives of an APT can be as varied as those of any other cybercriminal activity. The threat actor could have a goal of stealing your intellectual property, damaging your reputation or even selling your customer data. A few examples of APT motivation might be: stealing trade secrets, gathering intelligence, obtaining competitive advantage, or even extracting some financial gain. Keep in mind that the goal can vary and isn’t always a financial one. These APT actors’ aims can be as multitudinous as their malicious methods.
Who APTs Target
APTs target a variety of organizations but are most often associated with high-value targets such as government agencies, defense companies, manufacturing or even organizations of financial importance. However, these industries are by no means the only targets. Targeted industries are as varied as aerospace, entertainment/media, healthcare and utilities, to name a few. In a more general sense, APT threat actors target any organization or person of strategic or economic importance to their malicious ends. Therefore, it is important to note that any organization with assets valued by the threat actor (adversary) is a potential target. Truly anyone can be a target of an APT.
Hopefully this post adds to your understanding of the basics of Advanced Persistent Threats. They have the means required, in terms of funding, resources and expertise. They are not your run-of-the-mill cybercriminal but a whole new level of knowledge, skill and expertise. They persist well beyond what you might expect. In a future post we’ll explore some of the changes you and your organization can make to address APTs. Until then, please feel free to join our newsletter and/or leave a comment or question below.