Advanced persistent threat (APT) usually refers to a group, such as a foreign government, with both the capability and the intent to persistently and effectively target a specific entity. The term is commonly used to refer to cyber threats, in particular Internet-enabled espionage, but applies equally to other threats such as traditional espionage or physical attack.[1] Other recognised attack vectors include infected media, supply chain compromise, and social engineering. Individuals, such as a lone hacker, are not usually referred to as an APT because they rarely have the resources to be both advanced and persistent, even if they are intent on gaining access to, or attacking, a specific target.[2]
The global landscape of APTs from all sources is sometimes referred to in the singular as "the" APT, as is the actor behind a specific incident or series of incidents.[citation needed]
The Stuxnet computer worm has been described by one Middle East consultant[3] as "state terrorism".[4] In this example, the Iranian government might consider the Stuxnet creators to be an advanced persistent threat.
Within the computer security community, and increasingly within the media, the term is almost always used in reference to a long-term pattern of sophisticated hacking attacks aimed at governments, companies, and political activists, and by extension also to the groups behind these attacks.[citation needed] A common misconception[who?] is that the APT only targets Western governments. While examples of technological APTs against Western governments may be more widely publicised in the West, actors in many nations have used the technological (cyber) APT as a means to gather intelligence on individuals and groups of interest.[5][6][7] The United States Cyber Command is tasked with coordinating the US military's response to this cyber threat.
Numerous sources have alleged that some APT groups are affiliated with, or are agents of, nation-states.[8][9][10]
Definitions of precisely what an APT is vary, but the three words that make up the term are commonly taken to carry the following requirements:[11][12][13]
- Advanced – Operators behind the threat have a full spectrum of intelligence-gathering techniques at their disposal. These may include computer intrusion technologies and techniques, but also extend to conventional intelligence-gathering techniques such as telephone interception and satellite imaging. While individual components of an attack may not be classed as particularly "advanced" (e.g. malware generated from commonly available do-it-yourself construction kits, or easily procured exploit materials), the operators can typically access or develop more advanced tools as required. They often combine multiple targeting methods, tools, and techniques in order to reach and compromise their target and to maintain access to it. Operators may also demonstrate a deliberate focus on operational security that differentiates them from "less advanced" threats.
- Persistent – Operators give priority to a specific task, rather than opportunistically seeking information for financial or other gain. This distinction implies that the attackers are guided by external entities. Targeting is conducted through continuous monitoring and interaction in order to achieve the defined objectives. It does not mean a barrage of constant attacks and malware updates; in fact, a "low-and-slow" approach is usually more successful. If operators lose access to their target, they usually reattempt access, and most often succeed. One of the operators' goals is to maintain long-term access to the target, in contrast to threats that only need access long enough to execute a specific task.
- Threat – APTs are a threat because they have both capability and intent. APT attacks are executed by coordinated human action, rather than by mindless, automated code. The operators have a specific objective and are skilled, motivated, organised and well funded.
References
- ^ "Are you being targeted by an Advanced Persistent Threat?". Command Five Pty Ltd. http://www.commandfive.com/apt.html. Retrieved 2011-03-31.
- ^ "The changing threat environment...". Command Five Pty Ltd. http://www.commandfive.com/threats.html. Retrieved 2011-03-31.
- ^ "The Jamestown Foundation's list of experts". http://www.jamestown.org/media/experts/. Retrieved 2011-12-17.
- ^ "Is Iran already under covert attack?". BBC News. November 15, 2011. http://www.bbc.co.uk/news/world-middle-east-15741989. Retrieved 2011-12-27.
- ^ "An Evolving Crisis". BusinessWeek. April 10, 2008. Archived from the original on 10 January 2010. http://www.businessweek.com/magazine/content/08_16/b4080032220668.htm. Retrieved 2010-01-20.
- ^ "The New E-spionage Threat". BusinessWeek. April 10, 2008. Archived from the original on 18 April 2011. http://www.businessweek.com/magazine/content/08_16/b4080032218430.htm. Retrieved 2011-03-19.
- ^ "Google Under Attack: The High Cost of Doing Business in China". Der Spiegel. 2010-01-19. Archived from the original on 21 January 2010. http://www.spiegel.de/international/world/0,1518,672742,00.html. Retrieved 2010-01-20.
- ^ "Under Cyberthreat: Defense Contractors". BusinessWeek. July 6, 2009. Archived from the original on 11 January 2010. http://www.businessweek.com/technology/content/jul2009/tc2009076_873512.htm. Retrieved 2010-01-20.
- ^ "Understanding the Advanced Persistent Threat". Tom Parker. February 4, 2010. http://tominfosec.blogspot.com/2010/02/understanding-apt.html. Retrieved 2010-02-04.
- ^ "Advanced Persistent Threat (or Informationized Force Operations)". Usenix, Michael K. Daly. November 4, 2009. http://www.usenix.org/event/lisa09/tech/slides/daly.pdf. Retrieved 2009-11-04.
- ^ "What's an APT? A Brief Definition". Damballa. January 20, 2010. Archived from the original on 11 February 2010. http://www.damballa.com/solutions/advanced-persistent-threats.php. Retrieved 2010-01-20.
- ^ "Are you being targeted by an Advanced Persistent Threat?". Command Five Pty Ltd. http://www.commandfive.com/apt.html. Retrieved 2011-03-31.
- ^ "The changing threat environment...". Command Five Pty Ltd. http://www.commandfive.com/threats.html. Retrieved 2011-03-31.
This entry is from Wikipedia.