What is an advanced persistent threat (APT)? Definition, list, examples and management best practices

by | Nov 24, 2022 | Technology



An advanced persistent threat (APT) is defined as a sophisticated, multi-staged cyberattack whereby an intruder establishes and maintains an undetected presence within an organization’s network over an extended period of time. 

The target may be a government or a private organization and the purpose may be to extract information for theft or to cause other harm. An APT may be launched against one entity’s systems to gain access to another high-value target. Both private criminals and state actors are known to carry out APTs. 

The groups of threat actors behind these APTs are carefully tracked by multiple organizations. Security firm CrowdStrike tracks over 170 APT groups, and reports having observed a nearly 45% increase in interactive intrusion campaigns from 2020 to 2021. While (financial) e-crime is still the most common motive identified, nation-state espionage actions are growing more rapidly and are now a strong second in frequency.

An APT is comprised of three main stages:


1. Network infiltration
2. The expansion of the attacker's presence
3. The extraction of amassed data (or, in some cases, the launch of sabotage within the system)

Because the threat is designed to both avoid detection and reach very sensitive information or processes, each of these stages may involve multiple steps and be patiently conducted over an extended period of time. Successful breaches may operate undetected for years; but some actions, such as jumping from a third-party provider to the ultimate target or executing a financial exfiltration, may be done very rapidly.
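The three stages above are what a defender ends up reconstructing after the fact from scattered alerts. The following script is an added example, not code from the article or from any vendor it mentions: it takes a handful of constructed alert records (hypothetical hostnames, timestamps and descriptions), each already labelled with the stage its detection rule maps to, and derives the facts an incident responder wants first, which hosts were touched, which stages were observed and in what order, how long the intruder dwelled between the earliest and latest event, and whether an earlier stage was never seen at all (the situation when infiltration happened at a third-party provider and only expansion or exfiltration shows up in your own telemetry). The 30-day threshold is an assumption chosen for the example, not a figure from the article.

```python
from datetime import datetime

# Kill-chain order used by the article: infiltration, expansion, extraction/sabotage.
STAGE_ORDER = ("infiltration", "expansion", "exfiltration")

# Assumed threshold for flagging a "patient" campaign; not a figure from the article.
LONG_DWELL_DAYS = 30

# Constructed sample alerts: (ISO timestamp, host, mapped stage, description).
# Hostnames and events are hypothetical and exist only to exercise the logic.
SAMPLE_EVENTS = [
    ("2022-01-03T09:12:00", "ws-17", "infiltration", "macro-enabled document spawned a shell"),
    ("2022-01-03T09:40:00", "ws-17", "infiltration", "periodic outbound connection to new domain"),
    ("2022-02-10T22:05:00", "ws-17", "expansion", "new local administrator account created"),
    ("2022-02-11T01:30:00", "srv-db-02", "expansion", "remote service created from ws-17"),
    ("2022-04-22T03:15:00", "srv-db-02", "exfiltration", "large archive uploaded to cloud storage"),
]


def parse_ts(value):
    """Parse an ISO-8601 timestamp string into a datetime."""
    return datetime.fromisoformat(value)


def first_seen_per_stage(events):
    """Return {stage: earliest timestamp} for each stage present, in kill-chain order."""
    seen = {}
    for ts, _host, stage, _desc in events:
        if stage not in STAGE_ORDER:
            raise ValueError(f"unknown stage label: {stage}")
        t = parse_ts(ts)
        if stage not in seen or t < seen[stage]:
            seen[stage] = t
    return {s: seen[s] for s in STAGE_ORDER if s in seen}


def unobserved_stages(stages_present):
    """Stages that precede the latest stage reached but never produced an alert.

    A non-empty result means telemetry is missing for part of the intrusion,
    e.g. the initial infiltration happened in a supplier's environment.
    """
    if not stages_present:
        return []
    last_index = max(STAGE_ORDER.index(s) for s in stages_present)
    return [s for s in STAGE_ORDER[:last_index] if s not in stages_present]


def summarize(events):
    """Reduce a list of stage-labelled alerts to the facts a responder wants first."""
    if not events:
        return {"hosts": [], "stages": [], "dwell_days": 0,
                "long_dwell": False, "unobserved_stages": []}
    first = first_seen_per_stage(events)
    timestamps = [parse_ts(e[0]) for e in events]
    dwell = max(timestamps) - min(timestamps)
    stages = list(first)  # already in kill-chain order
    return {
        "hosts": sorted({e[1] for e in events}),
        "stages": stages,
        "dwell_days": dwell.days,
        "long_dwell": dwell.days >= LONG_DWELL_DAYS,
        "unobserved_stages": unobserved_stages(stages),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_EVENTS).items():
        print(f"{key}: {value}")
```

Run against the constructed sample, the summary reports both hosts, all three stages in order, a dwell time of 108 days (well over the assumed 30-day threshold), and no unobserved stages. Feeding it only the expansion and exfiltration records reports infiltration as unobserved, which is the cue to look for the entry point outside your own telemetry rather than assume the first alert was the beginning.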

APT groups are known for using misdirection to avoid correct, direct attribution of their work. To throw off investigators, a group working for one country might embed language from another country within its code. Investigating firms may have close relationships with a government's intelligence agencies, leading some to question the objectivity of their findings. But especially with widespread attacks, consensus may be found.

Perhaps the best-known recent APT is the SolarWinds Sunburst attack that was discovered in 2020, but problematic well into 2021. The U.S. Government Accountability Office (GAO) provides a timeline of its discovery and the private and public sector response. Another recently discovered APT is Aquatic Panda, which is believed to be a Chinese group. As listed in MITRE’s ATT&CK database, it is believed to have been active since at least May 2020, conducting both intel …

