Advanced Persistent Threats

APTs (Advanced Persistent Threats) are a category of cybercrime directed at the businesses and the political targets. The APT attacks are different from other types of cyber threats. They happen when someone or some entity decides you have something they want and they are willing to invest resources and time to get it.

‘This implies that APT is targeted cyber attack which requires a high degree of stealthiness over a prolonged duration of operation in order to be successful.

The attack objectives therefore typically extend beyond immediate financial gain, and compromised systems continue to be of service even after key systems have been breached and initial goals reached.

Implication:

APT has a well-defined attack methodology, honed over years and designed to steal large volumes of valuable intellectual property.

Once APT establish access, they periodically revisit the victim’s network over several months or years and steal broad categories of intellectual property, including technology blueprints, proprietary manufacturing processes, test results, business plans, pricing documents, partnership agreements, and emails and contact lists from victim organisations’ leadership.

Context:

The infiltrations were allegedly performed by Shanghai-based Unit 61398 of People’s Liberation Army. Chinese officials have denied any involvement in these attacks. Mandiant said that it has observed hacking attempts against nearly 150 victims over seven years. Hundreds of terabytes of data were involved. Mandiant is revealing three personas that might have attributed to APT1 activities — UglyGorilla, DOTA and SuperHard. It also said that the ‘UglyGorilla’ persona and the ‘DOTA’ persona use the same shared infrastructure.