Advanced Persistent Threat Details

APTs are sophisticated methods of extracting information from computer systems or networks. Governments use APTs to spy on and interfere with the operations of rival states, but APTs are now also widely used to glean information from businesses. At first, APT designers targeted government agencies and large companies; attackers' scope eventually spread to smaller companies. All businesses are vulnerable to APTs, but smaller companies may lack the expertise to deal with the threat and may not realize a threat exists until it is too late and someone has already accessed vital information. Commonly used computer protection software has not proved very effective in defending systems against APTs.

APTs remain unnoticed by users because they do not interfere with a computer system's normal operations; the user sees nothing out of the ordinary. More and more actors design ever more sophisticated APTs to steal valuable data. Designers develop malicious software (malware) to run an APT, but an APT is not simply a virus. It is much more complex, designed for one task, and harder to deal with.

APTs can take many different forms but generally have the following characteristics:

  • They have gained unauthorized entry into a computer system or network.
  • They can avoid detection for a considerable period of time.
  • They have a specific task.
  • They search through a computer database to find the most vulnerable point of entry to the information that they want.
  • They gather the data.
  • They send the information back home.

There are some indications that your system is hosting an APT: somebody frequently logs in at unusual times; you notice large, unexpected data flows; or bundles of data appear in places on your system where they should not have been gathered together.
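The indicators just listed (logins at unusual hours and unexpectedly large outbound data flows) can be checked mechanically against authentication and network logs. The following Python is an added example written for this page, not code from the original article or from any product it mentions; the log format, host names, business-hours window and spike factor are all assumptions constructed for the illustration.

```python
"""Toy detection logic for two APT indicators named above: off-hours logins
and unusually large outbound data flows.

Assumptions (constructed for this example, not from any real system):
  - one event per line: "<ISO timestamp> <event> user=<name> host=<host> bytes=<n>"
  - "login" events record interactive logins, "egress" events record outbound flows
  - local business hours are 08:00-18:00
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines.  alice has one login at 02:41 and one
# 2.4 GB egress flow at 03:07; everything else looks routine.
SAMPLE_LOGS = """\
2024-03-03T14:00:00 egress user=alice host=ws-17 bytes=4800000
2024-03-04T09:12:03 login user=alice host=ws-17 bytes=0
2024-03-04T02:41:55 login user=alice host=ws-17 bytes=0
2024-03-04T13:05:10 egress user=alice host=ws-17 bytes=5200000
2024-03-04T03:07:42 egress user=alice host=ws-17 bytes=2400000000
2024-03-04T10:30:00 login user=bob host=ws-09 bytes=0
2024-03-04T11:00:00 egress user=bob host=ws-09 bytes=4100000
2024-03-05T11:00:00 egress user=bob host=ws-09 bytes=3900000
""".splitlines()

BUSINESS_HOURS = (8, 18)   # 08:00 <= hour < 18:00 counts as normal (assumption)
EGRESS_SPIKE_FACTOR = 10   # flag a flow at least this many times the user's baseline


def parse_line(line):
    """Turn one constructed log line into a dict; 'bytes' becomes an int."""
    ts, event, *fields = line.split()
    rec = {"ts": datetime.fromisoformat(ts), "event": event}
    for field in fields:
        key, value = field.split("=", 1)
        rec[key] = int(value) if key == "bytes" else value
    return rec


def off_hours_logins(records, hours=BUSINESS_HOURS):
    """Return (user, host, timestamp) for every login outside business hours."""
    start, end = hours
    return [(r["user"], r["host"], r["ts"].isoformat())
            for r in records
            if r["event"] == "login" and not (start <= r["ts"].hour < end)]


def egress_spikes(records, factor=EGRESS_SPIKE_FACTOR):
    """Return (user, host, bytes) for egress flows far above the user's baseline.

    The baseline for a flow is the median size of that user's *other* flows,
    so a single huge flow cannot inflate its own baseline.  Users with fewer
    than two flows have no baseline and are skipped.
    """
    by_user = defaultdict(list)
    for r in records:
        if r["event"] == "egress":
            by_user[r["user"]].append(r)
    hits = []
    for user, flows in by_user.items():
        if len(flows) < 2:
            continue
        for flow in flows:
            others = sorted(x["bytes"] for x in flows if x is not flow)
            baseline = others[len(others) // 2]   # upper median
            if baseline > 0 and flow["bytes"] >= factor * baseline:
                hits.append((user, flow["host"], flow["bytes"]))
    return hits


def run(lines=SAMPLE_LOGS):
    """Parse the lines and return both indicator lists in one dict."""
    records = [parse_line(line) for line in lines]
    return {"off_hours_logins": off_hours_logins(records),
            "egress_spikes": egress_spikes(records)}


if __name__ == "__main__":
    for name, hits in run().items():
        print(name)
        for hit in hits:
            print("  ", hit)
```

Both checks are deliberately per-user rather than global: an APT's exfiltration can be small in absolute terms but large relative to what that account normally sends, and a login at 02:41 is only suspicious for an account that normally works business hours. Real deployments would derive the baseline from weeks of history and per-user schedules instead of a handful of lines.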

Real-World Examples of Advanced Persistent Threats

Businessmen staying at luxury hotels around Asia and in the United States have fallen victim to what cybersecurity company Kaspersky Lab describes as an APT called DarkHotel. DarkHotel, which seems to have originated in South Korea, started operations in 2007 and generally targets executives in financial departments, electronics, energy, and defense industries.

DarkHotel uploads malware to hotel computer servers and then attacks selected guests through the hotel's WiFi network. The attacker forges digital certificates to convince the targeted guest that a download is genuine; the reassurance of a certificate gives the attackers an entry point into the guest's computer. The malware then hunts for, and finds, passwords and sensitive information.

The Iranian government set up Charming Kitten, which uses fraudulent messages that impersonate companies (a technique known as 'phishing'), fake domain names, and fake accounts to try to collect passwords. Charming Kitten was at first relatively unsophisticated, but its backers are continually improving its malware.

History of Advanced Persistent Threat

Advanced persistent threats are a fairly new occurrence in the cybersecurity world. The term was first coined in 2006 by the US Department of Defense after China made efforts to commit cyberespionage against American security programs. APT entered public discussion in 2009 after an attack on Google, and again after a 2011 attack on the security division of EMC Corporation.