Defining Advanced Persistent Threat (APT)
Updated: May 1, 2020
Just mention APT in your presentation/product, people will come and listen to you.
A passing remarked I received from my friend when I was preparing for a brief presentation on honeypots. It is very much the truth since the discovery of Operation Aurora. You see talks, whitepapers, dossiers, and products talking about what is APT, and how they can prevent them. When there isn’t a uniformed definition APT.
So… What's APT?
It’s persistence of the adversary and the variety of techniques they’re using like malware or social engineering, against a nation’s significant economic interests.
— Eddie Schwartz, CSO of NetWitness
APT is just a new phrase to describe malware that took advantage of sometimes simple weaknesses in networks that the targeted, victimized organization spent millions of dollars investing in technology. APT is a wishy-washy expression, because the threat usually “is not ‘advanced.'"
— Greg Hoglund, CEO of HBGary
APT means an attack targeted at an organization to steal data, especially intellectual property. It’s stealthy, not a slash-and-burn. And it is persistent, not a one-time event, lasting a protracted period of time.
— Gerry Egan, Director of Product Management of Symantec
Not all APT attacks are highly advanced and sophisticated, just as not every highly complex and well-executed targeted attack is an APT. The motive of the adversary, not the level of sophistication or impact, is the primary differentiator of an APT attack from cybercriminal or hactivist one.
Emil Tan, Skipper & Co-Founder, Div0