Talk:Advanced persistent threat

Wiki Education Foundation-supported course assignment
This article was the subject of a Wiki Education Foundation-supported course assignment, between 17 May 2021 and 31 July 2021. Further details are available on the course page. Student editor(s): Dephiant08. Peer reviewers: Dephiant08, Fconteh02.

Above undated message substituted from Template:Dashboard.wikiedu.org assignment by PrimeBOT (talk) 13:28, 16 January 2022 (UTC)

Intro is hackey
Please improve the first paragraph.

It is amateurish, especially the use of the term "hacking processes". The term "hacking" used in a network security context should be reserved for the popular press, and for street talk, not for formal writing nor a precise definition.

It is an exact copy from the reference text. The reference seems questionable to me; I am not sure of the process of determining a good authoritative reference, but this doesn't seem like one.

A better intro might come from here: http://searchsecurity.techtarget.com/definition/advanced-persistent-threat-APT

Sorry, I don't feel competent enough of an editor to make the change myself. Dlotts (talk) 21:12, 18 March 2014 (UTC)

--Totally agree 31.22.0.74 (talk) 10:16, 22 May 2015 (UTC)

Usage question
In this blog post, Richard Bejtlich writes: "APT is not an effort -- it's a proper noun, i.e., a specific party."  This seems to mean that saying "APT" is not like saying "organized crime", it's like saying "the Mafia" -- the name of a specific organization. Thoughts? --FOo (talk) 07:09, 17 April 2010 (UTC)

That's because historically APT was, and possibly still is, used to refer to a specific actor (i.e. a person, group, or country) that was seen to be attacking the USA. Marketing caught on to the military term and started to use it to help market products; this led to a lot of confusion and twisting of what APT is/means.

So it depends on the context in which APT is being used:
 * If it's a press release from a company that got compromised, it means it was any attack that they failed to stop (either the attack was sophisticated or their defences were weak; they imply the former but it could well be the latter).
 * If it's the US military then it may be a particular threat actor.
 * If it's marketing/sales they are trying to hype their product to say it can stop the attacks that have been engineered to bypass all the other defences (e.g. their competitors' products).
— Preceding unsigned comment added by 124.169.137.63 (talk) 13:07, 4 June 2013 (UTC)

Capitalization
The title of this article should be "Advanced persistent threat". I would move the article, but it looks like moving articles became a special permission at some point when I wasn't paying attention. modify 03:56, 28 August 2011 (UTC)
 * Never mind -- found the move link hiding in a dropdown UI element. modify 04:17, 28 August 2011 (UTC)

Completely incorrect
This article is completely incorrect. ADT refers to the malware, not the authors. — Preceding unsigned comment added by 194.80.66.187 (talk) 11:10, 23 January 2014 (UTC)

Doesn't explain much
What's all the "process" stuff in the first paragraph? "Process" has many different meanings depending on context, but it is unclear which one is used here.

The "Characteristics" section doesn't give any characteristics that distinguish APT from other computer threats. For instance, "Actions – The precise actions of a threat or numerous threats". So APT has actions, but so does any other threat. To make this a characteristic you have to explain what is special about the actions of APT vs non-APT threats. This section looks like bullet points copied from a Powerpoint presentation, but without the talk that the original presenter gave. 108.234.224.230 (talk) 21:50, 1 December 2014 (UTC)

External links modified
Hello fellow Wikipedians,

I have just modified one external link on Advanced persistent threat. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
 * Added archive https://web.archive.org/web/20110418080952/http://www.businessweek.com/magazine/content/08_16/b4080032218430.htm to http://www.businessweek.com/magazine/content/08_16/b4080032218430.htm

When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at ).

Cheers.— InternetArchiveBot  (Report bug) 20:45, 4 October 2016 (UTC)

NPOV text
Regarding the beginning of this passage:
 * A common misconception[who?] associated with the APT is that the APT only targets Western governments. While examples of technological APTs against Western governments may be more publicized in the West, actors in many nations have used cyberspace as a means to gather intelligence on individuals and groups of individuals of interest.[11][12][13] The United States Cyber Command is tasked with coordinating the US military's offensive and defensive cyber operations.

Someone has already added a "who" tag but I think the text shouldn't remain as it stands. Maybe NPOV isn't precisely the right description for the problem of this text, but either way it seems to be making an overly large and unfounded assumption. Unless someone clears it up or opposes it, I will remove or at least trim down this text later this week or next. Thanks. 60.248.185.19 (talk) 07:54, 12 July 2018 (UTC)
 * Done. 60.248.185.19 (talk) 01:12, 17 July 2018 (UTC)

Article Request
I just placed the APT10 link inside, thanks.
 * https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/operation-cloud-hopper-what-you-need-to-know
 * https://www.fireeye.com/blog/threat-research/2018/09/apt10-targeting-japanese-corporations-using-updated-ttps.html
 * https://www.fireeye.com/blog/threat-research/2017/04/apt10_menupass_grou.html
 * https://www.wired.com/story/doj-indictment-chinese-hackers-apt10/
 * https://www.google.com/search?ei=HiMYXcuvMIrj_AaIq58Y&q=navy+personnel+breach&oq=navy+personnel+breach&gs_l=psy-ab.3...2333.7206..7468...2.0..0.230.2201.17j3j3......0....1..gws-wiz.......0i71j0i131j0j0i10j0i22i30j33i160.jyLIoJGyjkg
 * https://www.google.com/search?source=hp&ei=iSMYXfvgC4u85gKp0bgg&q=operation+cloud+hopper&oq=operation+cloud+&gs_l=psy-ab.3.0.0j0i10j0l5.574.3402..4230...0.0..0.71.919.16......0....1..gws-wiz.....0..0i131.uYUxdHHi4RM

APT10 Redirect
I made a page here. For signed in users going to APT 10 this is not the formal page

Article Request:APT3
Article Request--Personisgaming (talk) 13:50, 29 September 2019 (UTC)

https://www.symantec.com/blogs/threat-intelligence/buckeye-windows-zero-day-exploit

Section on Mandiant's UNC designation
Should something be said in this article about Mandiant's designation of groups as UNC for uncategorized? It's a small detail, but that information is currently not found anywhere on Wikipedia except in the Ghostwriter (hacker group) article, which I myself added. Somers-all-the-time (talk) 04:47, 7 March 2022 (UTC)