Tech moves fast! Stay ahead of the curve with Techopedia!
Join nearly 200,000 subscribers who receive actionable tech insights from Techopedia.
Advanced Persistent Threat (APT)
Last Updated: February 20, 2017
Definition - What does Advanced Persistent Threat (APT) mean?
An advanced persistent threat (APT) refers to a cyberattack launched by an attacker with substantial means, organization and motivation to carry out a sustained assault against a target. An APT is advanced in the sense that it employs stealth and multiple attack methods to compromise the target, which is often a high-value corporate or government resource. The attack is difficult to detect, remove, and attribute. Once the target is breached, back doors are often created to provide the attacker with ongoing access to the compromised system. An APT is persistent because the attacker can spend months gathering intelligence about the target and use that intelligence to launch multiple attacks over an extended period of time. It is threatening because perpetrators are often after highly sensitive information, such as the layout of nuclear power plants or codes to break into U.S. defense contractors.
Techopedia explains Advanced Persistent Threat (APT)
An APT has three primary goals:
- Theft of sensitive information from the target
- Surveillance of the target
- Sabotage of the target
The attacker hopes to be able to achieve its goals while remaining undetected.
Perpetrators of APTs often use trusted connections to gain access to networks and systems. The trusted connection can be a sympathetic insider or unwitting employee who falls prey to a spear phishing attack.
APTs differ from other cyberattacks in a number of ways:
- They often use customized tools and intrusion techniques, such as vulnerability exploits, viruses, worms and rootkits, which are designed specifically to penetrate the target organization.
- They occur over long periods of time during which the attackers move slowly and quietly to avoid detection.
- They are designed to satisfy the requirements of espionage and/or sabotage, usually involving covert state actors.
- They are aimed at a limited range of highly valuable targets, such as government facilities, defense contractors and manufacturers of high-tech products.
