Don't miss an insight. Subscribe to Techopedia for free.


Advanced Persistent Threat

What Does Advanced Persistent Threat Mean?

An advanced persistent threat (APT) is a cyberattack launched by an attacker with substantial means, organization and motivation to carry out a sustained assault against a target.


The attacker's goal is to remain hidden over an extended period of time and incrementally obtain the permissions required to achieve the attack's objectives.

APTs differ from zero day and other types of cyberattacks in a number of ways:

  • This type of cybersecurity attack is expensive to conduct so it is often aimed at highly valuable targets, such as government facilities, defense contractors, media outlets and manufacturers of high-tech products.
  • Threat actors often use legitimate credentials they have acquired by exploiting known vulnerabilities, using social engineering tactics and conducting brute force attacks.
  • The attacker will often develop and deploy customized malware and seek to compromise trusted third-party software.
  • APT threat actors will spend time and money to monitor their target closely and pivot attack vectors when necessary.

Techopedia Explains Advanced Persistent Threat

An APT has three primary goals:

  • Surveillance
  • Sabotage
  • Theft

Perpetrators of APTs often use threat intelligence and trusted connections to gain initial access to target networks and systems. The trusted connection may be third-party software or an insider who falls prey to a spear phishing or whaling attack.

An APT is advanced in the sense that it employs stealth and multiple attack methods to compromise the target. This type of attack is difficult to detect, remove, and attribute. Once the target is breached, back doors are often created to provide the attacker with ongoing access to the compromised system.

An APT is persistent because the attacker can spend months — or even years — gathering intelligence about the target before using that intelligence to launch multiple attacks over an extended period of time. This type of cyberthreat is dangerous because perpetrators are often after highly sensitive government information, such as the layout of nuclear power plants or codes to break into U.S. defense contractors.


Related Terms