Advanced Persistent Threats (APTs) are attackers who specialise in dedicated, sustained targeting of a victim's information technology estate and use a range of sophisticated techniques to compromise the victim's infrastructure in pursuit of goals such as:
- Information gathering to facilitate other physical or cyber operations.
- Theft of saleable assets, such as payment data or users' personal information.
- Disruption of operational services and IT to cause monetary or reputational damage.
- Extortion through ransomware for profit.
What Makes a Hacker an Advanced Persistent Threat?
Common hacking techniques exploit known or comparatively unsophisticated vulnerabilities in software; the majority of system compromises come from automated tooling or weak protections on public-facing infrastructure. Advanced Persistent Threats are far more sophisticated and clandestine.
APTs may incorporate cutting-edge techniques, cover a wide variety of technologies and demonstrate a deep understanding of the products and services used by their victims. They:
- Have been known to use zero-day vulnerabilities (previously undetected and unpatched flaws) in common software packages.
- Have been known to use social engineering, or to have connections to individuals inside the target organisation.
- Have chained multiple exploits to compromise a single system.
- Demonstrate a deep understanding of the victim's tech stack.
- Use techniques such as supply chain attacks, compromising trusted software or vendors so that the intrusion arrives through a channel the victim already trusts and is less likely to be detected.
- Know corporate cultures and procedures, or are able to determine what normal behaviour looks like, so that their activity does not trip network behaviour anomaly detection.
- Have been known to operate at times such as national holidays, or when key personnel are out of the office, to degrade the victim's incident response.
- Exploit vulnerable systems within the victim's estate as footholds.
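The two points above about anomaly detection and holiday timing are exactly what a defender's baseline check looks for. The following is an added example (not code from the original page): it builds a per-user baseline of weekday working hours and source hosts from constructed log records, then scores new records for weekend, holiday, out-of-hours and new-host activity. The log format, user names, hosts and the HOLIDAYS set are all assumptions made for the example; a real deployment would feed it the organisation's own authentication logs and holiday calendar.

```python
"""Baseline-and-deviation check for off-hours, holiday and new-host logons."""
from collections import defaultdict
from datetime import date, datetime

# Constructed sample records (not from any real system): "ISO-timestamp user source-host".
# Two weeks in March 2024 of ordinary weekday activity used to learn the baseline.
BASELINE_LOGS = """\
2024-03-04T09:12:03 alice ws-alice
2024-03-04T17:45:10 alice ws-alice
2024-03-05T08:58:41 alice ws-alice
2024-03-05T18:02:20 alice ws-alice
2024-03-06T09:03:55 alice ws-alice
2024-03-06T10:20:00 alice fs-shared
2024-03-07T08:50:00 alice ws-alice
2024-03-07T16:40:00 alice ws-alice
"""

# Constructed records to score: a normal Friday, a Saturday 02:14 logon to a finance
# server, an Easter Monday 03:05 logon to an HR server, a normal Tuesday, and a user
# with no baseline at all.
NEW_LOGS = """\
2024-03-29T09:05:00 alice ws-alice
2024-03-30T02:14:22 alice srv-finance-01
2024-04-01T03:05:47 alice srv-hr-02
2024-04-02T10:00:00 alice fs-shared
2024-04-02T10:30:00 bob ws-bob
"""

# Assumption: the organisation's own holiday calendar. 2024-04-01 is Easter Monday.
HOLIDAYS = {date(2024, 4, 1)}


def parse(text):
    """Yield (timestamp, user, host) tuples from the whitespace-separated records."""
    for line in text.splitlines():
        ts, user, host = line.split()
        yield datetime.fromisoformat(ts), user, host


def build_baseline(text):
    """Per user: (earliest hour, latest hour, set of hosts) seen on normal working days."""
    hours, hosts = defaultdict(list), defaultdict(set)
    for ts, user, host in parse(text):
        if ts.weekday() < 5 and ts.date() not in HOLIDAYS:
            hours[user].append(ts.hour)
            hosts[user].add(host)
    return {user: (min(h), max(h), hosts[user]) for user, h in hours.items()}


def score_events(text, baseline):
    """Return (timestamp, user, host, reasons) for each record that deviates from baseline."""
    alerts = []
    for ts, user, host in parse(text):
        reasons = []
        if ts.date() in HOLIDAYS:
            reasons.append("holiday")
        elif ts.weekday() >= 5:
            reasons.append("weekend")
        if user in baseline:
            lo, hi, known_hosts = baseline[user]
            if not lo <= ts.hour <= hi:
                reasons.append(f"outside baseline hours {lo:02d}-{hi:02d}")
            if host not in known_hosts:
                reasons.append(f"new host {host}")
        else:
            reasons.append("no baseline for user")
        if reasons:
            alerts.append((ts, user, host, reasons))
    return alerts


def run():
    """Build the baseline from BASELINE_LOGS and score NEW_LOGS against it."""
    return score_events(NEW_LOGS, build_baseline(BASELINE_LOGS))


if __name__ == "__main__":
    for ts, user, host, reasons in run():
        print(f"{ts.isoformat()} {user}@{host}: {', '.join(reasons)}")
```

Two caveats a practitioner will want. First, the check only catches the careless: an actor who has studied the victim's working patterns, as described above, will keep its activity inside the learned hours and on hosts the user already touches, so this is a triage signal, not a detection of APTs as such. Second, the holiday list must be the organisation's own; a generic calendar will both miss regional holidays and flag ordinary working days.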
APTs can spend long periods inside corporate or private networks, avoiding detection while moving laterally:
- Generally APTs either prioritise stealth and accept a slower pace, or work as quickly as possible to achieve their objective before a response can be mounted.
- Some APTs have been known to spend years inside networks, moving laterally between systems to increase their likelihood of success.
- Have researched zero-day vulnerabilities in software used by their victims in order to exploit it, move laterally and maintain persistence.
- Have been known to attack individuals' private infrastructure, such as their home networks, as a route into their work environment.