As indicated by the term “advanced,” an APT is a cybersecurity threat where attackers use sophisticated, secret, and continuous hacking attacks. Their goal is to gain access to a network, stay inside for the long term, and move around to spy, collect information without the target realizing the attack is underway.
Because of the sophistication and level of effort involved in an APT, attackers typically target high-value corporations or nations to steal information over a long period of time. Small companies and agencies are not immune from APTs, because those smaller players can be a gateway to compromising the actual targets.
APT groups typically gain access through advanced software exploits and so-called zero-day vulnerabilities, where hacks occur before software developers can patch them. Also, they use highly-targeted spear phishing, luring key personnel into opening malware-infested files.
Hackers conduct successful APT attacks in a sequence of sophisticated steps that gain entry and remain allow to remain hidden inside the target’s system. With the attack underway, the bad actors try to gain even greater access through password cracking and exploiting additional local vulnerabilities. The breach is compounded when the hackers begin to move laterally around the target’s network and gain access to other additional secure areas and servers on the network. When they have found the information they are after, they encrypt the data and transfer it to their own system.
At this point, the APT actors stick around until they are detected. Thus, hackers can either remain indefinitely and wait for new data exploits or leave after accomplishing their goal. In the latter case, APT hackers can leave the attacked system’s backdoor open to return later.
Warning signs of APTs range from unusually heavy database activity involving large quantities of data or the presence of anomalies in data being transmitted from the system.