Advanced Persistent Threat

Advanced Persistent Threat (APT; German: "fortgeschrittene, andauernde Bedrohung", i.e. advanced, persistent threat) is a term often used in the field of cyber threats (cyber attacks) for a complex, targeted and effective attack on critical IT infrastructures and confidential data of public authorities and of large and medium-sized enterprises from all sectors, which are potential victims because of their technological edge.

In the course of such an attack, the attackers proceed in a very targeted manner and, where necessary, go to great effort to penetrate further into the victim's local IT infrastructure after the first intrusion into a computer. The goal of an APT is to remain undetected for as long as possible in order to spy on sensitive information over a longer period (Internet espionage) or otherwise cause damage.

It is typical of classical APT attacks that the perpetrators invest a lot of time and manual labor and prefer tools that are suitable only for single, specific tasks.

Dilution of the term

Originally, "APT" was used only as a euphemism for a certain form of digital industrial and economic espionage; now it is used, e.g. by manufacturers of security software, for any somewhat more advanced method of attack.

A neutral alternative is the term "Targeted Attacks", i.e. a targeted attack or spying attempt.

Distinction from conventional attacks

In contrast to conventional attacks using malicious software, in which the selection of victims is not limited, the attack is carried out only on a specific victim or at least on a very severely limited number of victims. Also, instead of only a single piece of malicious software, a large number of techniques and tactics are used. The functions found in the typical malicious software of the profit-driven criminal underground (manipulation of online banking, collecting access data from online shops) are usually lacking in the tools used in APT attacks. This is also reflected in the way the perpetrators operate: data that could be sold in the underground trade is not collected and is ignored by the perpetrators. Instead of access data for online shops, the perpetrators look for and collect access data for other systems in the victim's network, in order to expand their access and finally reach the data that corresponds to their procurement order.

In particular, the victim is carefully probed before a planned attack, and the malware used for the attack is adapted as closely as possible to its intended purpose, a step that is dispensed with in conventional attacks. Other infection vectors are, e.g., infected media and social engineering. Individuals, such as lone hackers, are not usually referred to as APTs, as they rarely have greater resources and the necessary techniques.

Definitions

Advanced (German: fortgeschritten)

In contrast to conventional attacks with malicious software on an indefinite, non-specific number of victims, an APT targets particular selected victims, individuals or institutions, using advanced technology and tactics.

Persistent (German: andauernd)

In contrast to conventional attacks, which are limited to injecting the malicious software onto only one computer, an APT uses the first infected host only as a springboard into the local network of the affected IT infrastructure, until the main objective, such as a computer holding research data, is reached for longer-term spying or sabotage.

Threat (German: Bedrohung)

Self-explanatory: an APT is a threat to vulnerable systems.
