What is an Advanced Persistent Threat (APT)?
The term APT, or Advanced Persistent Threat, is increasingly used to refer to the new silent threats to organizations.
An APT is a type of highly specialized malware that is used for attacks against specific targets, such as large corporations and government agencies. Behind these attacks may be foreign governments, activist groups, and competing companies trying to steal corporate R&D and confidential information or to damage the targeted IT and communications systems in the future.
The risk an APT poses to any organization lies in how difficult it is to identify. If not detected, the malware can reside unnoticed in the IT systems for long periods of time, allowing hackers to take malicious actions.
Tarlogic has developed an APT called Acarus that can be used as a cyber weapon in remote penetration tests to detect channels of confidential data exfiltration from an organization to the Internet and to check the existing security mechanisms against APTs.
- An APT's specialization is directly related to its infection capabilities: it uses a large number of different vectors, such as USB keys, office documents, social engineering, and the exploitation of security flaws (0-day exploits), to undermine the first line of defense of your company.
- Once the APT is deployed, it installs itself in the system, where it can remain hidden and inactive for a long period of time, until it starts using silent communication channels over seemingly legitimate network traffic (TCP, UDP, HTTP, HTTPS, DNS, Wi-Fi, etc.) to communicate with the Tarlogic control center, from which its activities are controlled.