
What is Advanced Persistent Threat (APT) ?


Advanced Persistent Threat (APT)

The term Advanced Persistent Threat comes from the attacker's perspective. An APT attack is one in which a threat actor uses a wide range of tactics and technologies to penetrate a high-profile network. APTs aim to stay inside the target environment for weeks, months or even years. They are mostly used by other countries to cause high-level damage to the economic and political stability of a target country, which is why they are also described as 'sleeper cells'.

Key Characteristics of APTs:

  1. Advanced methods: The attackers use sophisticated malware, zero-day exploits and social engineering to enter the target systems.
  2. Persistence: Once inside, the attackers maintain access using backdoors, rootkits or compromised accounts.
  3. Targeted attacks: APTs focus on specific organisations, industries or governments rather than broad, opportunistic attacks.
  4. Data exfiltration: The primary goal is often to steal intellectual property, financial data or classified data.
  5. Stealth and evasion: APTs use encryption and anti-forensic techniques to avoid detection.

APT Groups

  1. APT28 (Fancy Bear): A team of hackers attributed to the Russian state and linked to cyber espionage.
  2. APT29 (Cozy Bear): Also attributed to the Russian state and associated with intelligence gathering.
  3. APT41: A China-based group involved in both espionage and financially motivated cybercrime.
  4. Lazarus Group: A North Korea-based group responsible for financial and espionage attacks.

How Do Organisations Defend Against APTs?

  • Strong endpoint security: Advanced threat detection tools such as EDR and XDR.
  • Network segmentation: Limit lateral movement by segmenting critical assets.
  • Regular patching and updates: Fix known vulnerabilities before they can be exploited.
  • Zero trust security: Verify every user and device before granting access.
  • Behavioural analytics: Monitor network traffic and user behaviour for anomalies.
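As an added example (not code from the original post), the following Python script is a toy behavioural-analytics pass over constructed log events. It flags the two signals the characteristics above describe: a compromised account being reused from an unseen host outside the user's normal hours (persistence), and an outbound volume far above the user's baseline (data exfiltration). The event format, the training window, the z-score threshold and the sample values are all assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample events (not real data): (day, hour, user, host, bytes_out)
EVENTS = [
    (1, 9, "alice", "ws-alice", 12_000), (1, 14, "alice", "ws-alice", 15_000),
    (2, 10, "alice", "ws-alice", 11_000), (2, 16, "alice", "ws-alice", 14_000),
    (3, 9, "alice", "ws-alice", 13_000), (3, 15, "alice", "ws-alice", 12_500),
    (4, 10, "alice", "ws-alice", 11_500), (4, 15, "alice", "ws-alice", 13_500),
    # day 5: same account, unseen host, 02:00, and a very large outbound transfer
    (5, 2, "alice", "srv-fileshare", 900_000),
    (5, 9, "alice", "ws-alice", 12_000),
]

def build_baseline(events, training_days):
    """Learn each user's usual hosts, hours and outbound volumes from the training window."""
    hosts, hours, volumes = defaultdict(set), defaultdict(set), defaultdict(list)
    for day, hour, user, host, nbytes in events:
        if day <= training_days:
            hosts[user].add(host)
            hours[user].add(hour)
            volumes[user].append(nbytes)
    return hosts, hours, volumes

def find_anomalies(events, training_days=4, z=3.0):
    """Return (day, hour, user, host, reasons) for post-training events that deviate
    from the user's baseline: host/hour checks catch reuse of a compromised account,
    the volume check catches bulk exfiltration."""
    hosts, hours, volumes = build_baseline(events, training_days)
    findings = []
    for day, hour, user, host, nbytes in events:
        if day <= training_days:
            continue
        reasons = []
        if host not in hosts[user]:
            reasons.append("new host for user")
        if hour not in hours[user]:
            reasons.append("outside user's usual hours")
        sample = volumes[user]
        if len(sample) >= 2:
            mu, sigma = mean(sample), pstdev(sample)
            # z-score threshold; a zero sigma (constant baseline) is skipped rather than divided by
            if sigma > 0 and nbytes > mu + z * sigma:
                reasons.append("outbound volume spike")
        if reasons:
            findings.append((day, hour, user, host, reasons))
    return findings

if __name__ == "__main__":
    for finding in find_anomalies(EVENTS):
        print(finding)
```

In a real deployment the baseline would come from weeks of authentication and flow logs, and the thresholds would be tuned per role; the structure of the checks stays the same.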
