Emil Sköld
EXPLOIT.BLACK

What does Advanced Persistent Threat (APT) mean?


Emil Sköld
May 26, 2022

2 min read


An advanced persistent threat (APT) is a sophisticated, long-running cyberattack in which an intruder infiltrates a network using tactics that are difficult to detect and then remains inside, unnoticed, for an extended period. APTs typically go after high-value targets such as nation-states and large corporations. Attackers are increasingly exploiting the supply chains of the large companies they seek to breach in order to reach the smaller businesses connected to them. To gain the initial foothold, an attacker will most likely use social engineering techniques such as spear phishing or whaling.

“Passwords are like underwear: don’t let people see it, change it very often, and you shouldn’t share it with strangers.” – Chris Pirillo @chrispirillo

The biggest problem with APT attacks is that even after one has been discovered and the immediate threat contained, the attackers may have left multiple backdoors behind, allowing them to return whenever they want. Most APTs follow the same basic life cycle: gain entry to a network, escalate and expand access, and then exfiltrate data. A phishing email sent only to people in senior positions is one symptom of an APT. The adversary naming system used by CrowdStrike indicates which government is behind an attack (for example, Bear for Russia and Panda for China). CrowdStrike first identified Goblin Panda (APT27) in September 2013, when it found indicators of attack (IOAs) in the network of a technology company operating across many different sectors.

Cozy Bear is a Russian adversary suspected of working for the Russian Federation's Foreign Intelligence Service. Wicked Panda is a group of independent contractors who work for the Chinese government while also carrying out criminal activity for profit. The COVID-19 outbreak triggered a great deal of cyber activity from both criminals and governments. Manufacturers often hold a lot of valuable intellectual property, which makes them a target for economic espionage. Targeting airlines and airports is likewise very useful to governments gathering intelligence. An organization must detect threats, investigate them, and respond to them as quickly as possible. CrowdStrike uses the "1-10-60 rule," which says that an intrusion should be detected within one minute, investigated within ten minutes, and contained and remediated within sixty minutes. A major breach can happen in under an hour when the attacker is backed by a state, the Russian government for example.
