The IT Law Wiki


An advanced persistent threat is

[a]n extremely proficient, patient, determined, and capable adversary, including two or more of such adversaries working together.[1]
an adversary with sophisticated levels of expertise and significant resources, allowing it through the use of multiple different attack vectors (e.g., cyber, physical, and deception), to generate opportunities to achieve its objectives, which are typically to establish and extend footholds within the information technology infrastructure of organizations for purposes of continually exfiltrating information and/or undermining or impeding critical aspects of a mission, program, or organization, or to place itself in a position to do so in the future; moreover, the advanced persistent threat pursues its objectives repeatedly over an extended period of time, adapting to a defender's efforts to resist it, and with determination to maintain the level of interaction needed to execute its objectives.[2]
a cybercrime category directed at business and political targets. APTs require a high degree of stealthiness over a prolonged duration of operation in order to be successful. The attack objectives therefore typically extend beyond immediate financial gain, and compromised systems continue to be of service even after key systems have been breached and initial goals reached.[3]


"APTs involve activity largely supported, directly or indirectly, by a nation-state. APTs target carefully selected, high-value data in every industry, from aerospace to wholesalers, education to finance."[4]

"However, organizations that may or may not be state-sponsored may also use APT techniques to gain a competitive military advantage. Characteristics of an APT include a high level of sophistication in the malware's code, along with the targeting of certain networks or servers to glean specific information of value to the attackers or to cause damage to a specific target. Likely targets include government agencies and corporations in critical infrastructure sectors such as financial, defense, information technology, transportation, and health."[5]