Advanced Persistent Threat (APT)
An advanced persistent threat (APT) is an adversary with the capability and intent to obtain, maintain, and expand access to a target's network systems over a long period, using exploits and malware rather than a single one-off intrusion.
- describes the behavior underpinning advanced cyber adversaries, such as nation-states and organized crime groups
- defenders look for indicators such as:
  - viruses and other malware
  - Trojans and remote-access tools
  - command and control (C&C) software and its traffic
  - unusual network activity (for example periodic outbound connections or unexpected data volumes)
- one defining characteristic:
  - anti-forensics, i.e. removing evidence of the intrusion (clearing logs, deleting tools after use) so the attacker can stay undetected
- typically target large organizations
- APT groups are tracked and profiled by vendors and governments and assigned numeric identifiers and code names (for example APT28, also reported as Fancy Bear)
- operators and tooling often overlap between groups, which makes attribution difficult
- have considerable financial resources and personnel
- develop custom exploits and malware rather than relying only on public tools
- spend a lot of time on reconnaissance and intelligence gathering before an attack
- are usually interested in maintaining access (persistence) rather than a quick hit-and-run
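The "command and control software" and "unusual network activity" indicators above are usually hunted for in network logs rather than on the host. The following is an added example, not part of the original notes: it runs a simple beaconing check over constructed proxy-log lines (the hosts, addresses and timestamps are made up for the example). A sleep-loop implant calls home at a near-constant interval, whereas human browsing is bursty, so the script groups connections by (client, destination) and flags pairs whose inter-connection intervals have a very low coefficient of variation.

```python
"""Beaconing detection over constructed proxy-log lines (example code).

Many C2 implants phone home on a fixed interval with a little jitter; a
person browsing a site does not. Group connections by (client, destination),
measure how regular the gaps between connections are, and flag the pairs
whose timing is too regular to be human.
"""
from collections import defaultdict
from datetime import datetime
import statistics

# Constructed sample log (not real traffic). Format: "ISO-time client destination".
# 10.0.0.5 browses a news site in bursts; 10.0.0.7 beacons roughly every 60 s;
# 10.0.0.9 makes only three perfectly regular connections (too few to judge).
SAMPLE_LOG = """\
2024-03-01T09:00:00 10.0.0.5 cdn.example-news.test
2024-03-01T09:00:07 10.0.0.5 cdn.example-news.test
2024-03-01T09:02:31 10.0.0.5 cdn.example-news.test
2024-03-01T09:03:02 10.0.0.5 cdn.example-news.test
2024-03-01T09:10:45 10.0.0.5 cdn.example-news.test
2024-03-01T09:11:12 10.0.0.5 cdn.example-news.test
2024-03-01T09:00:00 10.0.0.7 update.totally-legit.test
2024-03-01T09:01:01 10.0.0.7 update.totally-legit.test
2024-03-01T09:01:59 10.0.0.7 update.totally-legit.test
2024-03-01T09:03:00 10.0.0.7 update.totally-legit.test
2024-03-01T09:04:02 10.0.0.7 update.totally-legit.test
2024-03-01T09:04:58 10.0.0.7 update.totally-legit.test
2024-03-01T09:00:00 10.0.0.9 ntp.example.test
2024-03-01T09:01:00 10.0.0.9 ntp.example.test
2024-03-01T09:02:00 10.0.0.9 ntp.example.test
"""


def parse_log(text):
    """Parse 'timestamp client destination' lines into (datetime, client, dest)."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, client, dest = line.split()
        records.append((datetime.fromisoformat(ts), client, dest))
    return records


def interval_stats(records):
    """Return {(client, dest): [seconds between consecutive connections, ...]}."""
    by_pair = defaultdict(list)
    for ts, client, dest in records:
        by_pair[(client, dest)].append(ts)
    stats = {}
    for pair, times in by_pair.items():
        times.sort()
        stats[pair] = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    return stats


def find_beacons(text, min_connections=5, max_cv=0.2):
    """Flag (client, dest) pairs whose connection timing is suspiciously regular.

    CV = stdev / mean of the inter-connection intervals. Bursty human traffic
    gives a CV well above 1; a beacon with a few seconds of jitter gives a CV
    near 0. min_connections avoids judging pairs seen only a couple of times.
    """
    hits = []
    for (client, dest), intervals in interval_stats(parse_log(text)).items():
        if len(intervals) < 2 or len(intervals) + 1 < min_connections:
            continue  # too few observations to say anything about regularity
        mean = statistics.mean(intervals)
        if mean == 0:
            continue  # duplicate timestamps only; not a beacon pattern
        cv = statistics.stdev(intervals) / mean
        if cv <= max_cv:
            hits.append({
                "client": client,
                "dest": dest,
                "connections": len(intervals) + 1,
                "mean_interval_s": round(mean, 1),
                "cv": round(cv, 3),
            })
    return hits


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(f"possible beacon: {hit['client']} -> {hit['dest']} "
              f"every ~{hit['mean_interval_s']}s (cv={hit['cv']}, n={hit['connections']})")
```

Run against the constructed log, only the 10.0.0.7 pair is reported; the news-site pair has a CV above 1 and the NTP pair is skipped by the minimum-connection threshold. In practice the thresholds need tuning per environment (legitimate software updaters and monitoring agents also beacon), so treat a hit as a lead for the analyst, not a verdict, and confirm against the destination's reputation and the process making the connections.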