What is an advanced persistent threat (APT)?


Consider this your go-to guide for advanced persistent threat protection, including how APT attacks work and APT attacks to watch for.

An advanced persistent threat (APT) is a kind of hacking method used by cybercriminals to establish an illegal, long-term connection with their target’s network, looking to steal highly valuable information for personal and/or financial gain. And because of its ability to destroy and manipulate the data stored onto computers and devices, it’s more important than ever to know how to protect against this threat. 

To help you understand this type of cyberattack, turn to this guide on APT cybersecurity. You’ll find answers to frequently asked questions such as, “What is an APT?” and ”What is the main goal of an APT attack?” In addition, we provide APT attack examples and APT protection tips you can use to safeguard your data from hackers.

What is an APT? + Common targets of APT attacks

Advanced persistent threat definition

What does APT stand for? Put simply, the words “advanced'' and “persistent” are tied to the ways this cyberattack strategically invades a network over a long period of time without detection. The true “threat” associated with this hacking method lies within its goal of accessing sensitive data not meant for public viewing.

Common targets of these campaigns can range from large and mid-sized organizations all the way to individuals at home. Additionally, APT hackers are usually after one of the following types of data to make a financial profit from their victims:    

  • Legal contracts    
  • Patent information   
  • Medical records   
  • Blueprints    
  • Financial documents

Finally, some of the consequences of falling victim to an APT attack include:  

Theft of intellectual property (patents, trade secrets, etc.)

  • Distribution of sensitive information
  • Site takeovers
  • Session hijacking
  • Destruction of data

How does an APT attack work?

Anatomy apt attack

The life cycle of an APT attack occurs in five stages, and it can be considered a case study in how patience pays off. That’s because APT hackers roll out these stages over an extended period of time to prevent themselves from being detected. To help you better understand the progression of an APT attack, here are the stages you should be
aware of in detail. 

1. Initial access 

The first step of an APT attack is to access the intended target's network. This is typically done by using phishing scam, credential stuffing, social engineering, drive-by downloads, and/or holes in cybersecurity features and tools. Most of the time, the goal is to infect the computer or device with malware for financial gain.

2. Trojan deployment 

After APT hackers gain access, they’ll often install a backdoor Trojan onto the device. This malware masks itself as legitimate software to operate undetected and allows hackers to steal private data from the device with ease. 

3. Access expansion and lateral movement 

APT hackers use the initial access to obtain more information about their target’s network. They continue to look for zero-day vulnerabilities that will grant them deeper access and control. After the execution of additional brute force attacks, hackers are able to move laterally through the network, potentially compromising any device connected.

4. Data search 

Once APT hackers successfully expand their network presence, they begin searching for data they deem valuable and move it to an encrypted location within the network for storage. This stage takes time, as some systems contain millions upon millions of files to comb through. 

5. Exfiltration 

Lastly, once the intruders gather the targeted data assets, they will transfer it outside of the network onto their own network. To be discreet, some hackers will perform a Distributed Denial of Service (DDoS) attack to distract the victim from what is actually occurring — overwhelming their network with traffic it can’t handle.

APT attack examples 

Now that you know how an APT attack works, it might help you to know the true danger behind these cyberattacks. Here is a list of APT attack groups that have wreaked havoc in recent years: 

  • APT28 (Fancy Bear), 2014: A Russian group known as Fancy Bear conducted APT attacks on Ukrainian government infrastructures, which resulted in the electrical blackout of hundreds of homes throughout the country in 2015.
  • APT27: (Goblin Panda),2013: Based in China and generally targeting Vietnamese military and government organizations, this APT attack group uses Microsoft exploit documents to deliver malware when opened to gain access to sensitive information.
  • APT32 (Ocean Buffalo),2012: Reportedly active since 2012 and based in Vietnam, this APT attack group uses a variety of advanced malware delivery techniques to compromise devices. It was last seen trying to siphon information from a Chinese organization about the COVID-19 pandemic.
  • GhostNet, 2009: Spotted in China, GhostNet was an APT attack group that used spear phishing emails to compromise computers in over 100 countries. The primary goal was to gain access to governmental organizations.  
  • Deep Panda, 2013: Targeting the U.S. Office of Personnel Management, Deep Panda was an APT attack group that compromised over 4 million U.S. personnel records. The leak exposed the details of individuals, including those working for the Secret Service.

10 APT protection tips

Apt protection tips

The hard truth about APTs is that no one solution will keep you 100% protected. However, there are cybersecurity measures you can put in place that can set you up for success against APT attacks.

Here are a few APT protection tips you might consider:

1. Safeguard private information 

This may seem like a given, but remembering to do things like keeping passwords private and logging out of accounts immediately after use can go a long way to protect your personal information.

2. Install a firewall  

Firewalls add an extra layer of APT protection for your devices by blocking unwanted traffic and malware that’s trying to infect and/or disrupt your system. They work by following a list of preset IP addresses that have permission to connect to your network andrestrict any others trying to gain access.

3. Limit network access 

It’s vital to keep a close eye on the individuals or employees who have access to certain types of data on your network. By limiting the number of people who have the ability to view different types of sensitive data, you can mitigate the chances of it falling into the wrong hands.

4. Mitigate zero-day exploits 

Trojans have become a common infiltration method used by cybercriminals in APT attacks. One way to protect your network is by looking out for zero-day exploits used to establish uninterrupted access to home or office networks and their connected IoT devices.

These are security flaws cybercriminals use to have continuous and undetected access to your
information—even when you think you’ve gotten rid of the virus. Protecting yourself from these hidden threats can include staying on top of security updates and being cognizant of files you choose to download.  

5. Beware of phishing scams 

Keeping an eye out for phishing scams can help protect your device from malicious attachments and malware used in APT attacks. Always verify the source of files you're about to download and only open emails from known, legitimate senders.

6. Monitor network traffic 

Catching instances of unusual network activity, such as unexplained log-ins and data loss, could be a sign that an APT hacker has found their way onto your system. The earlier you catch this, the faster you can react and
safeguard the information they are after.

7. Explore intrusion prevention systems 

Widely used by large to mid-sized businesses, intrusion prevention systems aid IT security departments in their detection of APTs trying to steal data. This tool is unique in its ability to recognize network compromises before data exploitation can take place.

8. Install a VPN 

Installing a VPN enhances your online privacy by creating a private and encrypted connection just for your use. This hides your data as you browse online and provides a sense of anonymity, helping you feel Cyber Safe as you browse and interact online. 

9. Consider application and domain whitelisting   

Application and domain whitelisting involves creating a set list of approved applications and websites that your network is able to connect to or interact with. This screener prohibits unauthorized users from connecting to your network or interacting with your device.

10. Download antivirus software

Downloading antivirus software is a necessary step if you're looking to prioritize your cybersecurity. With
reliable alerts regarding malware infections and data breaches, you can stay up to date on the Cyber Safety of your network and devices.

An advanced persistent threat may be scary and pose a danger to your online privacy, but finding the answer to “What is an APT attack?” is the first step to avoiding them. Use what you’ve learned here to create a Cyber Safe environment for your busine x`

The freedom to connect more securely to Wi-Fi anywhere

With Norton™ Secure VPN, check email, interact on social media and pay bills using public Wi-Fi without worrying about cybercriminals stealing your private information

Try Norton Secure VPN for peace of mind when you connect online

Clare Stouffer
  • Clare Stouffer
  • Gen employee
Clare Stouffer, a Gen employee, is a writer and editor for the company’s blogs. She covers various topics in cybersecurity.

Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc. 


    Want more?

    Follow us for all the latest news, tips and updates.