Overview

An Advanced Persistent Threat (APT) is a stealthy threat actor, typically a nation-state or state-sponsored group, that gains unauthorized access to a computer network and remains undetected for an extended period. Unlike 'smash and grab' attacks, the goal of an APT is usually to monitor network activity and steal data rather than cause immediate damage.

Key Characteristics

  • Advanced: Uses sophisticated techniques, including zero-day exploits and highly targeted social engineering.
  • Persistent: Maintains a long-term presence on the target network, often re-establishing access if discovered.
  • Threat: Driven by specific objectives, such as espionage, intellectual property theft, or strategic disruption.

Stages of an APT Attack

  1. Reconnaissance: Gathering information about the target.
  2. Incursion: Gaining initial access (often via phishing or vulnerabilities).
  3. Discovery: Mapping the internal network and identifying high-value assets.
  4. Capture: Accessing and exfiltrating sensitive data over time.
