
When we think of threats to our computer systems, we tend to think of individual hackers working to breach firewalls and steal data. The term ‘advanced persistent threat’ (APT) came to describe an attacker that employs sophisticated, or ‘advanced’, methods and that, once it has gained access to a network, can maintain a ‘persistent’ presence, with the ‘threat’ being realised by the exfiltration of data.

APT actors are usually nation-states, or are funded by major enterprises, in order to attract the talent necessary to conduct the sophisticated attack and to maintain the staffing levels necessary to exploit the intrusions. So, as shorthand, an APT usually refers to the intelligence communities within nation-state adversaries.

Because the realisation of an APT attack relies on local execution of malware, one simple and effective method of defeating these types of attack is application whitelisting, so that unauthorised software of any origin, typically malware, cannot execute on your network.
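
The default-deny decision behind application whitelisting, as an added example that is not from the original page: a file may run only if the SHA-256 of its contents is on an approved list. The class and function names and the sample files are constructed for illustration, and the sketch covers only the decision logic; real enforcement is done by the operating system's application-control feature.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    """Hash file contents in chunks so large binaries are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

class HashAllowlist:
    """Default-deny policy: only files whose SHA-256 is approved may run."""
    def __init__(self, approved_hashes):
        self.approved = frozenset(approved_hashes)

    def decide(self, path):
        try:
            digest = sha256_file(path)
        except OSError:
            return "deny"  # unreadable or missing: fail closed
        return "allow" if digest in self.approved else "deny"

def _write(directory, name, content):
    path = os.path.join(directory, name)
    with open(path, "wb") as fh:
        fh.write(content)
    return path

def run_demo():
    """Build constructed sample files and return the verdict for each case."""
    with tempfile.TemporaryDirectory() as tmp:
        good = b"constructed sample: approved backup tool v1"
        approved = _write(tmp, "backup_tool", good)
        policy = HashAllowlist({sha256_file(approved)})
        return {
            "approved": policy.decide(approved),
            # Same bytes under another name: identity is content, not path.
            "approved_renamed": policy.decide(_write(tmp, "renamed", good)),
            # One extra byte changes the hash, so a modified binary is denied.
            "approved_modified": policy.decide(_write(tmp, "patched", good + b"\x00")),
            # Never-approved software is denied regardless of its origin.
            "unapproved": policy.decide(_write(tmp, "unapproved", b"constructed sample: unknown")),
            "missing": policy.decide(os.path.join(tmp, "does_not_exist")),
        }

if __name__ == "__main__":
    for case, verdict in run_demo().items():
        print(f"{case:18} {verdict}")
```

Keying the decision on content rather than file name or location is what makes the policy hold for software "of any origin": anything not explicitly approved is refused, including a modified copy of an approved program.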

For more formal definitions of APT, see the following links: