Chapter 2. Advanced Persistent Threats

The term advanced persistent threat (APT) was first introduced in the US military to describe espionage efforts by China against American national security interests, and it was quickly adopted by the civilian tech community. Intelligence agencies and the military commonly assign classified monikers to threat actors so that they can communicate with personnel or counterparts who should not have access to the detailed underlying intelligence. By using the alias, the origin of the attacks is not exposed, and discussions can be carried out freely with specialists from outside the organization. Advanced persistent threat was never intended to be a generic term; it represented one known state-sponsored adversary targeting specific US government instruments. After similar attacks started occurring in other sectors, the term gained more publicity and, through the media, transformed into what we know today as APT.

APT stands for:

Advanced

The individuals or groups that are significant threat actors have extensive knowledge of technological solutions, of techniques, and of the role these systems play in daily operations. The technologies they use can be open source or commercial software, or sometimes even the apparatus of a state for intelligence or coordination. Moreover, they know how to masquerade as trusted vendors to keep their operations covert and to build trust with their targets. Not all of their methods can be classified as advanced on their own, but the sequence in which they are used can help ...
