
What is an advanced persistent threat?

An advanced persistent threat (APT) is a prolonged, targeted intrusion in which a well-resourced group, usually state-sponsored or criminal, gains access to a network and stays inside it undetected while carrying out malicious activity. The result can be lost revenue and lasting damage to the reputation of an enterprise or government organization. How dangerous is an advanced persistent threat, and what are the best ways to protect your systems?

Carlos Martinez


Jan 06, 2022 · 3 min read


How does an advanced persistent threat work?

Threat actors use all kinds of hacking techniques to get into a targeted network and stay inside for as long as possible. An advanced persistent threat usually targets large organizations and/or government entities. These types of attacks are often orchestrated by hostile nations.

A regular cyberattack doesn't last long: the hackers want to do their job and get out of the network before they are caught. With an APT, it's a whole different story. The intrusion can last for months or even years without anyone realizing they have an unwanted guest in their network.

Countries like North Korea, Russia, Iran, and China are known for spying on other nations and collecting intelligence. The Tardigrade malware, reported in 2021 in attacks on biomanufacturing companies, is one of the more recent examples of an APT campaign. However, it's still not clear who was responsible for orchestrating it.

Stages of an APT attack

  1. Getting access. Attackers gain an initial foothold by spear phishing an employee or by exploiting a software vulnerability in an exposed system. They then deploy malware on the compromised host.
  2. Establishing a backdoor. The attackers set up a backdoor and several additional entry points so that they keep access even if the first one is detected and closed.
  3. Gaining administrative privileges. Once attackers can move laterally around the network, they seek administrative access. This lets them read data that would otherwise be accessible only to a few high-level employees.
  4. Stealing data. When the hackers have comfortably established themselves inside the network, they start collecting and exfiltrating what they came for. They can steal anything, from users' passwords to state secrets.
  5. Erasing tracks. After collecting the information they need, attackers may cover their tracks and abandon the infected network. They may also leave a backdoor in place in case they want to return later.
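The backdoor in stage 2 has to stay in contact with its operators for months, and most implants do that by checking in on a timer. That regularity is something a defender can look for. The script below is an added example, not code from the NordVPN post: it parses constructed proxy log lines (timestamp, source host, destination host, bytes) and flags source/destination pairs whose inter-request intervals are unusually even. Hosts, names and the log format are assumptions for the illustration.

```python
"""Flag beacon-like outbound traffic in proxy logs.

Added example; the log lines and field layout are constructed for it.
A backdoor that keeps a channel open for months typically calls home
on a fixed timer, so low variance in request spacing is the signal.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample: one workstation, three destinations. The "updates"
# host is polled every ~5 minutes with a few seconds of jitter (implant-like);
# the news site is browsed at irregular, human intervals.
SAMPLE_LOG = """\
2022-01-06T08:00:00 ws-017 updates.example-cdn.net 1320
2022-01-06T08:00:03 ws-017 news.example.org 48211
2022-01-06T08:03:35 ws-017 news.example.org 51020
2022-01-06T08:05:02 ws-017 updates.example-cdn.net 1318
2022-01-06T08:07:41 ws-017 mail.example.com 9031
2022-01-06T08:09:58 ws-017 updates.example-cdn.net 1325
2022-01-06T08:15:03 ws-017 updates.example-cdn.net 1322
2022-01-06T08:19:59 ws-017 updates.example-cdn.net 1319
2022-01-06T08:25:01 ws-017 updates.example-cdn.net 1321
2022-01-06T08:29:05 ws-017 news.example.org 47788
2022-01-06T08:35:48 ws-017 news.example.org 50115
2022-01-06T08:54:25 ws-017 news.example.org 52301
2022-01-06T08:59:01 ws-017 news.example.org 48880
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\d+)$")


def parse_log(text):
    """Yield (timestamp, src, dst, bytes) tuples; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, src, dst, size = m.groups()
        yield datetime.fromisoformat(ts), src, dst, int(size)


def find_beacons(text, min_hits=5, max_jitter=0.15):
    """Return {(src, dst): {...}} for pairs whose request spacing is too regular.

    jitter is the coefficient of variation (stdev / mean) of the gaps between
    consecutive requests; a human browsing pattern scores well above 0.15.
    """
    times = defaultdict(list)
    for ts, src, dst, _size in parse_log(text):
        times[(src, dst)].append(ts)

    results = {}
    for pair, stamps in times.items():
        if len(stamps) < min_hits:        # too few samples to judge regularity
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean == 0:                     # burst of identical timestamps, not a timer
            continue
        jitter = statistics.pstdev(gaps) / mean
        if jitter <= max_jitter:
            results[pair] = {
                "interval": round(mean),
                "jitter": round(jitter, 3),
                "count": len(stamps),
            }
    return results


if __name__ == "__main__":
    for (src, dst), info in find_beacons(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: every ~{info['interval']}s, "
              f"jitter {info['jitter']}, {info['count']} hits")
```

Legitimate software updaters and monitoring agents beacon too, so a hit is a lead, not a verdict: the analyst still checks the destination's reputation, the process that opened the connection, and whether the payload sizes stay suspiciously constant. Long-dwell operators also randomize their sleep interval, which is why `max_jitter` is a tunable rather than a fixed rule.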

Advanced persistent threat examples

Deep Panda

Deep Panda is a Chinese cyber espionage group that was first spotted in 2011. Two years later, Deep Panda entered the limelight after the 2013 breach of Adobe, in which data on 38 million users was stolen, including names, encrypted passwords, and encrypted payment card details. The attackers exploited a known software vulnerability, installed malware on Adobe web servers, and created a backdoor.

A couple of years later, the United States Office of Personnel Management (OPM) became another victim attributed to Deep Panda. The attackers stole 22.1 million records, including the names, Social Security numbers, and addresses of government employees and their family members.

Researchers describe the OPM compromise as two separate intrusions: the first was discovered in 2014, and the second, which did the bulk of the damage, was discovered in 2015. How long the attackers had been inside before detection is not known.

Lazarus group

The Lazarus group is a North Korean state-sponsored hacking organization known for multiple cyberattacks in at least 31 countries. Little is known about this group, but it targets large corporations like Sony, banks, and foreign governments.

During the COVID-19 pandemic, pharmaceutical companies became a common target of the Lazarus group. A number of AstraZeneca employees working on coronavirus research received malicious messages, but no data is known to have been compromised.

APT34

APT34 (also known as Helix Kitten or OilRig) is an Iranian hacker group that has been operating since 2014, primarily in the Middle East.

In 2020, cybersecurity experts discovered that APT34 was targeting Westat, a US-based research company, which provides services to various enterprises and government agencies. Hackers used a phishing email that was masked as an employee satisfaction survey.

How to protect yourself against APT attacks

Update your software on time. Postponing updates can be tempting, and many employees fall into this habit. Hackers often exploit known software vulnerabilities for which a patch is already available; an unapplied update is an open door.

Securely distribute credentials. User credentials shouldn't be distributed via plain-text emails or instant messaging, where messages may be retained in chat logs that an intruder can later read.

Never click on suspicious links. Closely inspect every email you get and never rush into clicking on links or attachments. Phishing emails can be crafted extremely well and cybercriminals use social engineering techniques to make sure you open them.
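"Closely inspect every email" is easier to do consistently with a tool. The script below is an added example, not code from the NordVPN post: it parses the links out of a constructed HTML message and flags the things a careful reader would look for, namely a visible URL that does not match the real link target, a lookalike of a trusted domain (such as a digit standing in for a letter), plain `http://`, punycode hostnames, and hosts that are simply unknown. The trusted host list and the sample message are assumptions for the illustration.

```python
"""Inspect the links in an email body before anyone clicks them.

Added example; the HTML message and trusted-host list are constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed message in the style of the survey lure described above.
SAMPLE_HTML = """
<p>Please complete the
   <a href="https://survey.example-hr.co/start?id=7">employee satisfaction survey</a>.</p>
<p>Sign in at <a href="http://login.examp1e.com/auth">https://login.example.com</a> to confirm.</p>
<p>Or read the <a href="https://www.example.com/benefits">benefits page</a>.</p>
"""

# Hosts the organization actually sends mail about (assumed for the example).
TRUSTED_HOSTS = {"example.com", "www.example.com", "login.example.com"}

# Character substitutions commonly used in lookalike domains.
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "|": "l"})


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def fold(host):
    """Fold confusable characters so examp1e.com compares equal to example.com."""
    return host.lower().translate(CONFUSABLES)


def host_of(url):
    """Hostname of a URL; bare 'www.x' text is treated as a URL too."""
    p = urlparse(url if "://" in url else "http://" + url)
    return (p.hostname or "").lower()


def inspect_links(html, trusted=TRUSTED_HOSTS):
    """Return one report dict per link with the warning flags it raised."""
    parser = LinkCollector()
    parser.feed(html)
    folded_trusted = {fold(t) for t in trusted}
    report = []
    for href, text in parser.links:
        host = host_of(href)
        flags = []
        if urlparse(href).scheme == "http":
            flags.append("plain_http")
        if host.startswith("xn--") or ".xn--" in host:
            flags.append("punycode")
        # Visible text that looks like a URL must point where it says it does.
        if text.startswith(("http://", "https://", "www.")) and host_of(text) != host:
            flags.append("text_host_mismatch")
        if host not in trusted:
            flags.append("lookalike" if fold(host) in folded_trusted else "unknown_host")
        report.append({"href": href, "text": text, "host": host, "flags": flags})
    return report


if __name__ == "__main__":
    for entry in inspect_links(SAMPLE_HTML):
        status = ", ".join(entry["flags"]) or "ok"
        print(f"{entry['host']:28} {status}")
```

The second link in the sample is the one that matters: its visible text reads `https://login.example.com`, but the real target is an `http://` page on `login.examp1e.com`, so it raises all three of `plain_http`, `text_host_mismatch` and `lookalike`. Hovering over a link shows the same thing to a human; the point of the tool is that it never gets tired or rushed.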

Train your staff. Cybersecurity awareness is still relatively poor, and many employees lack a proper understanding of digital risks.

Use Threat Protection. By enabling NordVPN's Threat Protection feature, users can protect themselves against high-risk websites where they might pick up malware and exploit kits. Threat Protection helps to prevent people from stumbling into dangerous areas of the Internet, and improves overall security and privacy.