[1][2] In recent times, the term may also refer to non-state-sponsored groups conducting large-scale targeted intrusions for specific goals.
[4] Every major business sector has recorded instances of cyberattacks by advanced actors with specific goals, whether to steal, spy, or disrupt.
[5][6][7] Some groups utilize traditional espionage vectors, including social engineering, human intelligence and infiltration to gain access to a physical location to enable network attacks.
Definitions of precisely what an APT is can vary, but can be summarized by their named requirements below:
Warnings against targeted, socially-engineered emails dropping trojans to exfiltrate sensitive information were published by UK and US CERT organisations in 2005.
[16] Advanced persistent threat (APT) as a term may be shifting focus to computer-based hacking due to the rising number of occurrences.
[22][23][24] Businesses holding a large quantity of personally identifiable information are at high risk of being targeted by advanced persistent threats, including:[25]
A Bell Canada study provided deep research into the anatomy of APTs and uncovered widespread presence in Canadian government and critical infrastructure.
[28] Actors behind advanced persistent threats create a growing and changing risk to organizations' financial assets, intellectual property, and reputation[29] by following a continuous process or kill chain:
In 2013, Mandiant presented results of their research on alleged Chinese attacks using APT methods between 2004 and 2013[30] that followed a similar lifecycle:
In incidents analysed by Mandiant, the average period over which the attackers controlled the victim's network was one year, with the longest almost five years.
As separate researchers could each have their own varying assessments of an APT group, companies such as CrowdStrike, Kaspersky, Mandiant, and Microsoft, among others, have their own internal naming schemes.
CrowdStrike assigns animals by nation-state or other category, such as "Kitten" for Iran and "Spider" for groups focused on cybercrime.