The widely accepted definition of an advanced persistent threat is that it is a targeted cyber-espionage or cyber-sabotage attack carried out under the sponsorship or direction of a nation-state, for reasons that go beyond the merely financial/criminal or those of political protest. Not all attacks of this type are highly advanced and sophisticated, just as not all complex, well-structured targeted attacks are an advanced persistent threat. The adversary's motivation, rather than the level of sophistication or the impact, is the main differentiator between an APT attack and one carried out by cybercriminals or hacktivists.
McAfee, 2011 Threat Predictions.
An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives using multiple attack vectors.
(NIST SP800-61)
Scope Note: The APT:
1. pursues its objectives repeatedly over an extended period of time
2. adapts to defenders' efforts to resist it
3. is determined to maintain the level of interaction needed to execute its objectives
ISACA, Cybersecurity Glossary, 2014
The Advanced Persistent Threat (APT) refers to a class of cyber threat designed to infiltrate a network and remain persistent through evasion and propagation techniques. APTs are typically used to establish and maintain an external command and control channel through which the attacker can continuously exfiltrate data.
[knapp:2014]
An advanced persistent threat (APT) is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. The intention of an APT attack is to steal data rather than to cause damage to the network or organization. APT attacks target organizations in sectors with high-value information, such as national defense, manufacturing and the financial industry.

In a simple attack, the intruder tries to get in and out as quickly as possible in order to avoid detection by the network's intrusion detection system (IDS). In an APT attack, however, the goal is not to get in and out but to achieve ongoing access. To maintain access without discovery, the intruder must continuously rewrite code and employ sophisticated evasion techniques. Some APTs are so complex that they require a full-time administrator.
http://searchsecurity.techtarget.com/
Advanced Persistent Threats (APT) are computer attacks usually driven by government agencies or terrorist organizations conducting espionage or trying to take valuable data for non-financial purposes. Rarely are APTs led by political or commercial organizations. However, in some cases, marginal threats do arise from obsessed individuals and legitimate commercial organizations, since the value of data goes well beyond just the financial value. Incidents like Project Aurora and Wikileaks highlight that data also has both political and military value.
http://www.imperva.com/resources/glossary/glossary.html
An advanced persistent threat (APT) usually refers to a group, such as a foreign government, with both the capability and the intent to persistently and effectively target a specific entity. The term is commonly used to refer to cyber threats, in particular that of Internet-enabled espionage, but applies equally to other threats such as that of traditional espionage or attack. Other recognised attack vectors include infected media, supply chain compromise, and social engineering. Individuals, such as an individual hacker, are not usually referred to as an APT as they rarely have the resources to be both advanced and persistent, even if they are intent on gaining access to, or attacking, a specific target.
http://en.wikipedia.org/wiki/Advanced_persistent_threat
An Internet-borne attack usually perpetrated by a group of individuals with significant resources, such as organized crime or a rogue nation-state.
Cybersecurity for Dummies, Palo Alto Networks Edition, 2014