In cyber security, there are a vast number of malicious threat actors.
Many of these threat actors write their own malware, though there are plenty of other ways for cybercriminals to be malicious.
The skill level between them varies a lot, though: many hackers have the skills to make their own malware, but the exact caliber of that malware varies wildly.
There is one more exclusive tier, though, the APT.
APT stands for Advanced Persistent Threat.
They are the cream of the crop among hackers and are generally the best in the business.
This reputation is built on the time, effort, and dedication they show in achieving their goals.
APTs perform sabotage, espionage, or disruptive attacks and are generally politically or sometimes economically motivated.
While most threat actors are typically opportunistic, APTs tend to be quiet and highly targeted.
Typically, their exploits will be very carefully configured to be as quiet and subtle as possible.
Developing exploits is a technical and time-consuming business.
This makes it an expensive business, especially when dealing with highly complex systems without known vulnerabilities.
Attribution Is Hard
Attributing an attack to any one group or nation-state can be difficult.
Many of these highly advanced exploits share bits of code from other exploits.
Specific attacks may even make use of the same zero-day vulnerabilities.
These shared elements allow incidents to be linked and tracked as a campaign rather than treated as one-off, extraordinary malware.
Tracking many actions from an APT makes it possible to build up a map of their chosen targets.
Most cyber-attacks from APTs come with plausible deniability because no one owns up to them.
This allows each responsible nation to perform actions it wouldn't necessarily want to be associated with or accused of.
By playing dumb, everyone gets to keep their plausible deniability.
Examples
Different organisations give the same APT different names, which complicates tracking them.
Some names are just numbered designations.
Some are based on the names of linked exploits; others are based on stereotypical names.
There are at least 17 APTs attributed to China.
Some are referred to by an APT number, such as APT 1.
APT 1 has also been specifically identified as PLA Unit 61398.
At least two Chinese APTs have been given names featuring dragons: Double Dragon and Dragon Bridge.
There's also Numbered Panda and Red Apollo.
Many APTs attributed to Iran feature "Kitten" in the name.
For example: Helix Kitten, Charming Kitten, Remix Kitten, and Pioneer Kitten.
Three APTs have been attributed to North Korea: Ricochet Chollima, Lazarus Group, and Kimsuky.
Israel, Vietnam, Uzbekistan, Turkey, and the United States have at least one attributed APT.
The Equation Group is generally regarded as the most advanced of all APTs.
The group gets its name from the names of some of its exploits and from its heavy use of encryption.
It is known to have interdicted devices and modified them to include malware.
The level of skill, patience, and dedication shown by APTs is unmatched in the criminal world.
Combined with the often political targets, it's pretty clear these aren't your average hacking-for-money groups.
Generally, the average user does not need to worry about APTs.
They only spend their time on targets that are particularly valuable to them.
The average person does not hide secrets a nation-state considers valuable.
Of course, everyone should take their own security, as well as their company's security, seriously.