Malware Spotlight: What is APT?


For some things, the whole is greater than the sum of its parts. When it comes to cybersecurity, this saying is an appropriate description of Advanced Persistent Threat (APT) cyberattacks. Made up of a thoughtful combination of different tools and methods, sometimes rudimentary ones at that, the dreaded APT is magnitudes more of a threat than any of its component parts. This article will detail APTs and will shed some light on what APTs are, the characteristics of APTs, the phases of APTs, and real-world examples of APTs being used to carry out attacks. In my humble opinion, the concept of APT in malware is a sort of culmination of the Malware Spotlight series, as it presents a wide variety of malware and related concepts in one nice little package – dare I say a malware final thesis?

A Little About APT

APT is defined as a prolonged attack focused on a specific target with the aim of compromising a system and stealing information about said target. The threat actors that run APT attacks use a variety of tools and methods to gain entry to their target and widen their breach. These tools are often custom malware for the various techniques the attack calls for, and sometimes attack groups create malware families consisting of custom tools used only in their APT attacks. These tools are kind of like calling cards for the attack group.

Traditionally, APT was a classification of cyberattack sponsored by a nation state. This was due to the resources needed for waging an APT campaign – which can be significantly more than a private attack group can muster. This definition has recently been broadened slightly by some malware authorities to include non-state actors, and this article will follow the new expanded definition.

Characteristics of APT Attacks

For those attacks (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: