An Advanced Persistent Threat (APT) is a type of cyber attack executed on a large scale for the purpose of data theft and/or system spying. Its distinguishing feature is that it runs for an extended period of time, mainly because the cybercriminals responsible are very dedicated. They investigate the target and define the reason for attacking. In addition, they invest considerable financial resources in preparing their infrastructure to ensure that the attack is carried out successfully. Attacks carried out through APTs include malware fully customized for the chosen target.

Due to the level of effort required to carry out such an attack, APTs are often associated with high-value targets, such as countries and large corporations, with the aim of stealing information over a long period of time, rather than simply "getting in" and getting out fast, as many black hat hackers do during low-level cyberattacks.

Advanced Persistent Threat attackers increasingly use the smaller companies that make up the supply chain of their end goal as a way to gain access to large organizations. They use such companies as stepping stones, since they typically have less protection. These criminals typically take the following steps before carrying out the attack:

▸Get access

Much like a thief forces a door with a crowbar, cybercriminals often gain access via a network, an infected file, junk email, or an application vulnerability in order to insert malware into a target network.

▸Infiltrate

Cybercriminals implant malware that creates a network of back doors and tunnels used to navigate systems unnoticed. Malware often employs techniques such as rewriting code to help hackers hide their tracks.

▸Intensify access

Once inside, hackers use techniques such as password cracking to access administrator rights, increase control over the system, and gain higher levels of access.

▸Lateral movement

With deeper access to the system thanks to administrator rights, hackers can move around it at will.

▸Look, learn and stay

Hackers can try to keep this process running, possibly indefinitely, or withdraw after meeting a specific goal. Often they leave a door open to access the system again in the future.

This type of attack is very successful and really dangerous, mainly because the cybercriminals behind it are dedicated: they do not want to do things quickly, but prefer to take their time to fulfill the mission properly. They also take all the time they need because a single false step could expose them.
