Advanced Persistent Threat (APT) is a term used in the area of cyber threats (cyber attacks) to describe complex, purposeful and effective attacks on critical IT infrastructures and on the confidential data of public authorities and of large and medium-sized enterprises from all sectors, which are potential victims because of their technological lead.
In the course of an Advanced Persistent Threat (APT) attack, the attacker proceeds in a targeted manner and, where necessary, invests great effort to first intrude into a single computer, from which the victim's local IT infrastructure is then penetrated further. The goal of an Advanced Persistent Threat (APT) is to remain undetected for as long as possible and to spy on sensitive information over a longer period of time (cyber espionage) or otherwise to cause damage over the long term.
Differentiation of Advanced Persistent Threat (APT) From Conventional Attacks
In conventional attacks using malicious software, the selection of victims is not limited; in an Advanced Persistent Threat (APT) attack, the attack is carried out against one specific victim or at least a very severely limited number of victims. Also, instead of a single piece of malicious software, a large number of techniques and tactics are used. In particular, the victim is reconnoitred beforehand and the planned attack is precisely adjusted to it, and the malware used for the attack is optimized as far as possible for its purpose, something that is dispensed with in conventional attacks. Individuals such as lone hackers are usually not referred to as APTs, since they rarely have the greater resources and the techniques necessary to mount such attacks.
Definitions, Characteristics and Life Cycle of Advanced Persistent Threat (APT)
An APT is "advanced" in that it differs from conventional attacks with malicious software by being directed at a specific, small number of victims: an Advanced Persistent Threat, or APT, targets selected victims, individuals or institutions, with advanced technology and tactics. A further difference from conventional attacks is that the malicious software is initially injected on only one computer. That first infected host, however, serves only as a springboard into the local network of the affected IT structure toward the main objective, such as a computer holding research data, for longer-term spying or sabotage. The APT methodology follows this lifecycle:
- Initial compromise
- Establish Foothold
- Escalate Privileges
- Internal Reconnaissance
- Move Laterally
- Maintain Presence
- Complete Mission
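The lifecycle above is also the defender's frame of reference: a single alert from any one phase is usually low-severity on its own, and what distinguishes an APT in telemetry is the progression of one host, or one campaign spread across several hosts, through multiple phases over weeks. The following Python script is an added example (not code from the original page or from any product) that maps hypothetical detection-rule names to the lifecycle phases listed above, groups constructed sample alerts per host, and flags hosts that show several distinct phases within a time window. The rule names, host names and alert lines are all constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Ordered lifecycle phases, as listed in the text.
PHASE_ORDER = [
    "Initial compromise",
    "Establish Foothold",
    "Escalate Privileges",
    "Internal Reconnaissance",
    "Move Laterally",
    "Maintain Presence",
    "Complete Mission",
]

# Assumed mapping from hypothetical detection-rule names to a lifecycle phase.
# These rule names are invented for the example, not taken from any product.
RULE_TO_PHASE = {
    "phishing_attachment_opened": "Initial compromise",
    "new_scheduled_task": "Establish Foothold",
    "token_manipulation": "Escalate Privileges",
    "ldap_group_enumeration": "Internal Reconnaissance",
    "admin_share_logon": "Move Laterally",
    "new_service_installed": "Maintain Presence",
    "large_outbound_transfer": "Complete Mission",
}

# Constructed sample alerts: "<ISO timestamp> <host> <rule>". Lines whose
# rule has no phase assigned (e.g. unknown_rule) are ignored by the parser.
SAMPLE_ALERTS = """\
2024-03-01T09:12:00 ws-17 phishing_attachment_opened
2024-03-01T09:15:30 ws-17 new_scheduled_task
2024-03-03T22:40:00 fs-02 new_scheduled_task
2024-03-09T01:05:00 ws-17 ldap_group_enumeration
2024-03-12T02:30:00 ws-17 admin_share_logon
2024-03-12T02:31:10 srv-db1 new_service_installed
2024-03-20T03:00:00 srv-db1 large_outbound_transfer
2024-04-28T10:00:00 ws-23 unknown_rule
"""


def parse_alert(line):
    """Parse one alert line into (timestamp, host, phase); return None if
    the rule has no lifecycle phase assigned."""
    ts, host, rule = line.split()
    phase = RULE_TO_PHASE.get(rule)
    if phase is None:
        return None
    return datetime.fromisoformat(ts), host, phase


def alerts_by_host(text):
    """Group parsed alerts per host as (timestamp, phase) pairs, sorted by time."""
    grouped = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        parsed = parse_alert(line)
        if parsed is not None:
            ts, host, phase = parsed
            grouped[host].append((ts, phase))
    for events in grouped.values():
        events.sort()
    return grouped


def suspicious_hosts(text, min_phases=3, window=timedelta(days=30)):
    """Return {host: [phases in lifecycle order]} for every host that shows
    at least `min_phases` distinct phases within some `window`-long period.
    A sliding window starting at each alert keeps a slow, patient intrusion
    from being split across reporting periods."""
    result = {}
    for host, events in alerts_by_host(text).items():
        for i, (start, _) in enumerate(events):
            seen = []
            for ts, phase in events[i:]:
                if ts - start > window:
                    break
                if phase not in seen:
                    seen.append(phase)
            if len(seen) >= min_phases:
                result[host] = sorted(seen, key=PHASE_ORDER.index)
                break
    return result


def campaign_phases(text):
    """Lifecycle phases observed anywhere in the environment, in lifecycle
    order. Because of lateral movement, one campaign typically spans several
    hosts, so the per-host view alone understates how far it has progressed."""
    seen = {phase for events in alerts_by_host(text).values() for _, phase in events}
    return [p for p in PHASE_ORDER if p in seen]


if __name__ == "__main__":
    for host, phases in suspicious_hosts(SAMPLE_ALERTS).items():
        print(host, "->", " > ".join(phases))
    print("campaign phases:", campaign_phases(SAMPLE_ALERTS))
```

With the constructed alerts, only ws-17 crosses the three-phase threshold (initial compromise, foothold, reconnaissance and lateral movement within twelve days), while the single scheduled task on fs-02 stays below it; the campaign-wide view, however, shows that the intrusion has already reached the maintain-presence and complete-mission phases on srv-db1, which is why correlation across hosts, not just per host, is needed.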