What are some Motivations and techniques used for Advanced Persistent Threats (APT)?
What are some events that may indicate an active attack in terms of APTs?
What are some Attack Surfaces and Vectors for Advanced Persistent Threats (APT)?
Motivations for Advanced Persistent Threats:
Motivations are usually political and economic.
Every major business sector has recorded instances of cyberattacks by advanced actors with the specific intention of trying to steal, spy, or cause damage.
Sectors affected include government, military, legal services, telecoms, consumer goods and many more.
Techniques used for Advanced Persistent Threats:
Some organisations make use of espionage vectors, including social engineering, human intelligence and infiltration, to gain access to a physical location and enable network attacks. This is done in order to install custom malicious software for attacks.
Some events that indicate active attack:
1) HoneyMyte is an APT threat actor that we have been tracking for several years. Researchers have blogged about its variants that they had recently observed targeting Hong Kong. It has been used by multiple APT groups over the past decade, especially shared among Chinese-speaking threat actors, and has changed in many ways.
2) A computer worm was aimed at Iran's nuclear program. In this case, the Iranian government might consider the Stuxnet creators to be an advanced persistent threat.
3) A group that is based in the US has been tied to the North Korean government's Reconnaissance General Bureau (RGB). Its famous attack was on Sony in 2014 for producing a movie that depicted their leader, Kim Jong-un.
Some Attack surfaces are:
1) Web Resources
2) Network Information
3) Human Users
Some Attack vectors are:
1) Social engineering
2) Spear phishing
3) DNS tunnelling
4) Vulnerability exploit
5) Rootkits such as trojans, worms, viruses