What is APT?

An Advanced Persistent Threat (APT) is an adversary that possesses sophisticated levels of expertise and significant resources, which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception). These objectives typically include establishing and extending footholds within the information technology infrastructure of the targeted organizations for purposes of exfiltrating information, undermining or impeding critical aspects of a mission, program, or organization, or positioning itself to carry out these objectives in the future.

The APT typically exhibits these three characteristics:

  1. Pursues its objectives repeatedly over an extended period of time.
  2. Adapts to defenders’ efforts to resist it.
  3. Is determined to maintain the level of interaction needed to execute its objectives.

APTs can infiltrate your network in a variety of ways, including social engineering (such as phishing) or exploiting a vulnerability in your applications or elsewhere in your network. Once inside, Advanced Persistent Threats gain a foothold by creating additional entry points into your network via malware and other malicious software. Attackers also often use this code to hide their activities and avoid detection.

As attackers settle into your network, they begin to gain access to other areas. They employ tactics such as password cracking to gain administrative access to sensitive files, including patents, financial records, employee data, emails, and more. Depending on the motive, an APT attack can result in your data being sold to competitors, takedowns, sabotage of a product line, or deletion of key data.

When attackers gain administrative rights, they can move freely throughout your network while leaving minimal traces behind. This is dangerous because they can access other servers or secure areas of the network while appearing to do so legitimately.

Once APTs find and stage the data they need, they must extract it without your noticing. Attackers often use distraction tactics to occupy your teams, making it easier to export the data without detection. For example, they may launch a DDoS attack to tie up key security staff so they can swiftly and surreptitiously extract your data.
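The "exfiltrate under cover of a flood" pattern described above is one a defender can look for directly in flow data. The following is an added example, not code from this page or from NETSCOUT; it assumes a hypothetical flow-record format (timestamp, source IP, destination IP, bytes), that 10.0.0.0/8 is the organization's internal address space, and constructed sample records. It buckets flows into five-minute windows, builds per-window inbound and per-host outbound baselines from the median across windows, and raises an alert only when an inbound volume spike (the distraction) coincides with an internal host sending far more outbound data than it normally does.

```python
"""Toy detector: flag windows where an inbound flood coincides with an
unusually large outbound transfer from a single internal host.
Added illustration; flow format, network ranges and thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network
from statistics import median

# Assumption: the organization's internal address space.
INTERNAL_NET = ip_network("10.0.0.0/8")


def is_internal(ip: str) -> bool:
    return ip_address(ip) in INTERNAL_NET


# Constructed flow records (not captured traffic): (timestamp, src, dst, bytes).
# Three quiet five-minute windows: modest inbound traffic, small outbound from two hosts.
QUIET_FLOWS = [
    ("2024-05-01T09:00:10", "198.51.100.7", "10.0.0.5", 120_000),
    ("2024-05-01T09:01:30", "10.0.0.5", "198.51.100.7", 40_000),
    ("2024-05-01T09:02:00", "10.0.0.9", "198.51.100.20", 20_000),
    ("2024-05-01T09:05:12", "198.51.100.7", "10.0.0.5", 130_000),
    ("2024-05-01T09:06:45", "10.0.0.5", "198.51.100.7", 45_000),
    ("2024-05-01T09:07:00", "10.0.0.9", "198.51.100.20", 20_000),
    ("2024-05-01T09:10:05", "198.51.100.7", "10.0.0.5", 110_000),
    ("2024-05-01T09:11:50", "10.0.0.5", "198.51.100.7", 38_000),
    ("2024-05-01T09:12:00", "10.0.0.9", "198.51.100.20", 20_000),
]
# One window with a many-source inbound flood and, during it, 10.0.0.5 pushing
# 800 MB to an external address while 10.0.0.9 behaves as usual.
FLOOD_FLOWS = [
    ("2024-05-01T09:15:01", "192.0.2.11", "10.0.0.1", 150_000_000),
    ("2024-05-01T09:15:02", "192.0.2.12", "10.0.0.1", 150_000_000),
    ("2024-05-01T09:15:03", "192.0.2.13", "10.0.0.1", 150_000_000),
    ("2024-05-01T09:15:04", "192.0.2.14", "10.0.0.1", 150_000_000),
    ("2024-05-01T09:16:20", "10.0.0.5", "203.0.113.50", 800_000_000),
    ("2024-05-01T09:17:00", "10.0.0.9", "198.51.100.20", 20_000),
]
SAMPLE_FLOWS = QUIET_FLOWS + FLOOD_FLOWS


def bucket_flows(flows, window_minutes=5):
    """Group flows into fixed windows; sum inbound bytes and per-host outbound bytes."""
    buckets = defaultdict(lambda: {"inbound": 0, "outbound": defaultdict(int)})
    for ts, src, dst, nbytes in flows:
        t = datetime.fromisoformat(ts)
        key = t.replace(minute=(t.minute // window_minutes) * window_minutes,
                        second=0, microsecond=0)
        if not is_internal(src) and is_internal(dst):
            buckets[key]["inbound"] += nbytes
        elif is_internal(src) and not is_internal(dst):
            buckets[key]["outbound"][src] += nbytes
        # Internal-to-internal and external-to-external flows are ignored here.
    return dict(buckets)


def detect_exfil_under_cover(flows, window_minutes=5, flood_factor=20, exfil_factor=20):
    """Return alerts for windows where an inbound spike coincides with a host's outbound spike.

    Baselines are medians across all windows, so a single anomalous window does not
    drag the baseline up. A host never seen sending before gets a baseline of 0,
    which the max(..., 1) floor turns into "any outbound during a flood is suspicious".
    """
    buckets = bucket_flows(flows, window_minutes)
    keys = sorted(buckets)
    inbound_baseline = median(buckets[k]["inbound"] for k in keys)
    hosts = {h for k in keys for h in buckets[k]["outbound"]}
    out_baseline = {h: median(buckets[k]["outbound"].get(h, 0) for k in keys) for h in hosts}

    alerts = []
    for k in keys:
        b = buckets[k]
        if b["inbound"] <= flood_factor * max(inbound_baseline, 1):
            continue  # no distraction-scale inbound spike in this window
        for host, sent in b["outbound"].items():
            if sent > exfil_factor * max(out_baseline[host], 1):
                alerts.append({
                    "window": k.isoformat(),
                    "host": host,
                    "inbound_bytes": b["inbound"],
                    "outbound_bytes": sent,
                })
    return alerts


if __name__ == "__main__":
    for a in detect_exfil_under_cover(SAMPLE_FLOWS):
        print(f"{a['window']}: {a['host']} sent {a['outbound_bytes']:,} bytes "
              f"while inbound hit {a['inbound_bytes']:,} bytes")
```

On the constructed data only the 09:15 window produces an alert, naming 10.0.0.5; run on the quiet windows alone it returns nothing. In practice the thresholds and window size would be tuned against real baselines, and the same outbound-volume check is worth running even without a coincident flood, since not every exfiltration comes with a distraction.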

Advanced Persistent Threats adapt quickly, which often makes them difficult to identify and remove from your network. With NETSCOUT’s Omnis Network Security, you can achieve unmatched visibility into detailed packet metadata to efficiently identify APTs in the early stages of the kill chain, before they achieve their objectives.