• Sue Adams

What is an Advanced Persistent Threat (APT)?

An APT is an attack that combines both advanced technology and techniques to allow persistence over a long period of time. This type of attack also uses multiple phases of attack, which allows the attacker to adapt and move faster than defenders can keep up with. These highly skilled attackers may be nation-state sponsored or part of organized crime groups, allowing them to have large amounts of resources at their disposal, such as time and money.

APT attacks are also designed to steal data and information from an organization without getting detected. This is why they can be considered "Advanced" in the sense that it uses technology like rootkits to evade detection by normal anti-malware tools. The other part of the acronym, "persistent", can be defined as "a repeated or prolonged attempt to do something; an effort that continues long after most people would give up."

APTs are persistent because they continue to operate within a network for months and even years without getting detected. They also hide their activities on the system by injecting themselves into processes and applications to avoid detection by anti-malware software. This allows them to use the highest privileges on a system, which makes it very difficult for an attacker to get detected.

APTs can be used for any number of purposes, including espionage or data theft. It is important to note that not every attack has APT characteristics. APTs are a specific type of attack that use multiple phases and adapt to defenders faster than they can catch up.