
Advanced Persistent Threat

What is an Advanced Persistent Threat (APT)?

An advanced persistent threat (APT) is a stealthy threat actor, typically a nation-state or state-sponsored group(s), which gains unauthorized access to computer networks and remains undetected for an extended period.

Key Takeaways

APTs versus Traditional Cyberattacks

Unlike traditional network and web application threats, APTs are significantly more intricate. They are not hit-and-run incidents. Instead, APT actors remain in a system for an extended period to gather intelligence and steal information.

APT Motivations and Targets

APT motivations are primarily political or economic. The groups seek to steal, spy, or disrupt operations in different business sectors and government agencies. Cybercriminals carefully choose and research the targets of APT attacks.

Popular sectors that the threat actors target include:

APT Tools and Tactics

APT groups utilize espionage vectors, including human intelligence and infiltration, malware, and social engineering, to gain unauthorized access to systems and networks. In most cases, cybercriminals leverage social engineering to install custom malicious software.

A successful APT attack can be categorized into three stages, as follows:

  1. Stage 1 – Infiltration: Hackers target organizations by compromising web assets, network resources, and human users. APT actors deploy different techniques like malicious uploads, SQL injections, and social engineering attacks to gain unauthorized access.
  2. Stage 2 – Expansion: After the attackers establish the foothold, they broaden their presence within the network. They move up an organization’s hierarchy, compromising other assets and employees with access to confidential information.
  3. Stage 3 – Extraction: Cybercriminals steal and transfer massive information to a secure location without being detected.

APT Dwell-Time

Stealthy APT actors utilize tools and tactics that allow them to remain undetected for a long time. FireEye puts the global median dwell-time (the time an APT attack remains undetected) at 78 days in 2018. Organizations continue to improve their detection capabilities to reduce the dwell-time. However, having a cybercriminal in an environment for more than a month gives them a significant amount of time to go through an attack cycle and achieve their objective.
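As an added example (not code from the original article), the following Python computes per-incident dwell time from constructed incident records, keeps still-undetected intrusions in the metric as of a reference date instead of silently dropping them, and flags incidents that exceed the 78-day 2018 figure quoted above; the record layout and the reference date are assumptions.

```python
from datetime import date
from statistics import median

# Global median dwell-time reported by FireEye for 2018 (figure from the article).
FIREEYE_2018_MEDIAN_DWELL_DAYS = 78


def dwell_days(first_evidence, detected, as_of):
    """Days an intruder was present: from the earliest evidence of compromise
    to detection, or to `as_of` when the intrusion is still open/undetected."""
    end = detected if detected is not None else as_of
    if end < first_evidence:
        raise ValueError("detection date precedes first evidence of compromise")
    return (end - first_evidence).days


def dwell_report(incidents, as_of, benchmark=FIREEYE_2018_MEDIAN_DWELL_DAYS):
    """Return (median dwell time in days, sorted ids of incidents over the benchmark).

    Open incidents count toward the median; excluding them would bias the
    metric downward, since the longest-dwelling intrusions are the undetected ones.
    """
    dwell = {
        inc["id"]: dwell_days(inc["first_evidence"], inc["detected"], as_of)
        for inc in incidents
    }
    over = sorted(i for i, d in dwell.items() if d > benchmark)
    return median(dwell.values()), over


# Constructed sample incident records (hypothetical, not real data).
SAMPLE_INCIDENTS = [
    {"id": "INC-1", "first_evidence": date(2019, 1, 10), "detected": date(2019, 1, 25)},
    {"id": "INC-2", "first_evidence": date(2019, 2, 1), "detected": date(2019, 5, 20)},
    {"id": "INC-3", "first_evidence": date(2019, 3, 15), "detected": None},  # still open
]

if __name__ == "__main__":
    med, over = dwell_report(SAMPLE_INCIDENTS, as_of=date(2019, 6, 1))
    print(f"median dwell: {med} days; over benchmark: {over}")
```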

APT Features

APT threat actors have the following features that form their name:

APT Impacts

APT attack impacts are vast. They include:

Preventing APT Attacks

As mentioned, APT threat actors are stealthy and challenging to detect. Some of the solutions to deter APT attacks include:

George Mutune

I am a cyber security professional with a passion for delivering proactive strategies for day-to-day operational challenges. I am excited to be working with leading cyber security teams and professionals on projects that involve machine learning & AI solutions to solve the cyberspace menace and cut through the inefficiency that plagues today's business environments.