User:Dephiant08/Advanced persistent threat

Lead
An advanced persistent threat (APT) is a stealthy threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state-sponsored groups conducting large-scale targeted intrusions for specific goals.

Article body
An advanced persistent threat is compound attacks that utilize multiple stages and different attack techniques. They are performed by person or organization that deliberately plans attack campaigns of intellectual property theft using cyber-methods such as malware distribution centers that support on crimeware and espionage.

When it comes to advanced persistent threats, there should be protection on multiple levels across the enterprise. The should include defense-in-depth strategies that consist of SL VPNs, UTM, IDPS systems, and sandboxes.

Gartner suggests, “Application Whitelisting is the most valuable counter-APT strategy any organization can adopt. It forms a strong layer of protection against the viable components of APT, as well as for as-yet-unknown ones.”

Advanced Persistent Threat (APT) groups are organized hacking and cyber intelligence actors, including individuals or groups. APT groups infiltrate corporations and governments, participating in espionage and sometimes hack financial institutions to fund their activities and people of their sponsoring organization. APT groups plan to steal data, disrupt operations, or destroy infrastructure. These attackers engage in their objectives over months or years. They adapt to cyber defenses and frequently retarget the same victim. The actors behind APTs are typically a gaggle of skilled hackers, working in a coordinated way. APT attacks are sly, having the power to stay unnoticed, obscuring themselves within enterprise network traffic, and interacting only enough to realize the defined objectives.

They may add a government/military cyber unit or be hired as cyber mercenaries by governments and personal companies. They are well-resourced from both financial and technical perspectives. This provides them with the power to figure for an extended period and have access (by development or procurement) to zero-day vulnerabilities and attack tools. Once they are state sponsored, they will even operate with the support of military or state intelligence.

APT actors follow a staged approach target, penetrate, and exploit your organization. Advanced Persistent Threat actors may use social engineering, a typical method, to accumulate information from your employees which will be valuable for exploit efforts. Phishing and spear-phishing are particularly effective ways to "distribute" malicious programs. APT actors may use various tools throughout the lifecycle process. This includes rootkits, exploit kits, downloader kits, drive-by downloads, DNS and routing modifications, use of rogue Wi-Fi devices, and almost any method which can prove useful. Most APT actors can also have resources to develop custom hacking tools and prepare zero-day exploits to be used. As an example, APT actors may use zero-day exploits to avoid signature-based detection, and encryption to obfuscate network traffic.

APT attacks are methodically premeditated, and typically have multiple steps involved. Although a selected APT attack may have its unique features, the stages of APT attacks are similar, and that they differ mostly within the procedures utilized in each stage. “A typical APT attack will have the next six phases: (1) reconnaissance and weaponization; (2) delivery; (3) initial intrusion; (4) command and control; (5) lateral movement; (6) data exfiltration”[4].

== References ==