APT Attacks: Targets & Tactics
What are APTs?
An Advanced Persistent Threat (APT) is a sophisticated, sustained cyberattack in which an intruder establishes a hidden presence within a network to steal sensitive data over an extended period. These attacks are carefully planned and designed to infiltrate specific organizations, evade existing security measures, and operate covertly. APT attacks require a high degree of customization and sophistication: well-funded, experienced cybercriminals target high-value organizations and use advanced evasion techniques (CrowdStrike, Imperva, Coursera).
China, Russia, and Iran are known to have APT groups conducting such attacks, with China and Russia reportedly connected to nearly 63% of all known APT groups worldwide. Some commonly used names for APT groups, based on their country of origin, are Pandas for Chinese APT actors, Bears for Russian APTs, and Kittens for Iranian APTs (Malwarebytes). These APT groups target high-value entities like governments, large corporations, or critical infrastructure, with some famous examples being the Equation Group, Lazarus Group, and Stuxnet (SoftwareLab).
CrowdStrike tracks over 150 adversaries worldwide, including nation-states, cyber-criminals, and hacktivists, showcasing the diverse landscape of APT actors. Some examples of APTs include:
- PLA 61398 (APT 1) and PLA 61486…