APT (Advanced Persistent Threat) Group


APT has been around for a while now, but its existence is vague and known only to those who care about the issue in cyber security. The primary definition, as given by Professor Sam Musa, is that an APT is a set of stealthy and continuous computer hacking processes, often orchestrated by humans, that targets a specific entity. An APT usually targets organizations and/or nations for business or political motives. Breaking down the terminology of APT avoids any ambiguity in the terms. The term "Advanced" signifies that the processes used are sophisticated techniques, using malware to exploit vulnerabilities in systems. "Persistent" suggests that an external command-and-control system is continuously monitoring and extracting data from a specific target. "Threat" indicates human involvement in orchestrating the attack, because the actors have both the capability and the intent to do so.

Figure: APT attack. General steps for an Advanced Persistent Threat to compromise a client PC.

The history of APT starts with the first warnings against targeted, socially engineered emails dropping trojans to exfiltrate sensitive information, published by the UK and US CERT organizations in 2005, although the acronym "APT" was not yet used back then. The term "advanced persistent threat" was only used as a general citation; it originated in the United States Air Force in 2006 with Colonel Greg Rattray, who cited the term frequently. In March 2005, Stuxnet, a computer worm, was used to target the computer hardware of Iran's nuclear program; the creators of Stuxnet were considered by the Iranian government to be an APT. Numerous sources have alleged that some APT groups are affiliated with, or are agents of, nation-states. Businesses holding a large quantity of personally identifiable information are at high risk of being targeted by APT, including higher education institutions and financial institutions. These are the APT characteristics:

  • Objectives Driven
  • Specific Timelines
  • Funded Resources
  • Risk Tolerance
  • Skills and Methods
  • Actions
  • Attack Originations Points
  • Numbers Involved in the Attack
  • Knowledge sources

The actors behind an APT go after an organization's financial assets, intellectual property and reputation through a continuous process, or rather a life cycle: the APT life cycle. In general, an APT starts by targeting a specific organization for a singular objective. Next, the attackers attempt to gain a foothold in the environment using common tactics, including spear-phishing emails. Then they use the compromised system as access into the target network, bringing in additional tools that help fulfill the attack objective, and finally they cover their tracks to maintain access for future initiatives.

Figure: A detailed version of the APT life cycle.

The diagram above is the global landscape of APTs from all sources. It is sometimes also referred to as a singular APT, since "the APT" refers to the actor behind a specific incident or series of engineered incidents.

Case: APT

Back in 2013, Mandiant presented the results of its research on alleged Chinese attacks using the APT methodology between 2004 and 2013 that followed a similar life cycle. In the incidents analysed by Mandiant, the average period over which the attackers controlled the victim's network was one year, with the longest being almost five years. Chinese officials have denied any involvement in the incidents.

The infiltration by the Shanghai-based Unit 61398 of the People's Liberation Army followed this series of life-cycle stages:

  • Initial Compromise
  • Establish Foothold
  • Escalated Privilege
  • Internal Reconnaissance
  • Move Laterally
  • Maintain Presence
  • Complete Mission

Since this series of APT attacks might compromise the future of the internet and cyber security, mitigation strategies, or rather guidelines, are needed to prevent future APT attacks. These are the steps:

  • The command-and-control network traffic associated with an APT can be detected at the network layer
  • Deep log analysis and log correlation across various sources can be useful in detecting APT activities
  • Good asset management, with documented components of the original operating system plus installed software, will help IT security analysts detect new files on the system
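The first two strategies above can be shown working together on sample data. The following is an added example, not code from the original article: it flags command-and-control-style beaconing in proxy logs (connections from one host to one destination at nearly constant intervals) and then correlates each flagged pair with endpoint process-start logs from the same host. The log lines, hosts, addresses and process names are all constructed for this example; the field names (`src`, `dst`, `host`, `image`) and the thresholds (`min_events`, `max_cv`, `window_seconds`) are assumptions, not those of any particular product.

```python
"""Beacon detection over proxy logs, correlated with endpoint process logs.
All log lines below are constructed for this example."""
import math
import re
from collections import defaultdict
from datetime import datetime

# Constructed proxy log: one line per outbound connection.
# 10.0.0.5 -> 203.0.113.7 connects roughly every 60 s (beacon-like);
# 10.0.0.8 -> 198.51.100.20 connects at irregular, browsing-like times.
PROXY_LOG = """\
2024-01-10T09:00:00 src=10.0.0.5 dst=203.0.113.7:443 bytes=512
2024-01-10T09:00:05 src=10.0.0.8 dst=198.51.100.20:443 bytes=9120
2024-01-10T09:00:09 src=10.0.0.8 dst=198.51.100.20:443 bytes=48000
2024-01-10T09:00:30 src=10.0.0.5 dst=192.0.2.1:80 bytes=300
2024-01-10T09:01:01 src=10.0.0.5 dst=203.0.113.7:443 bytes=498
2024-01-10T09:01:30 src=10.0.0.5 dst=192.0.2.1:80 bytes=310
2024-01-10T09:02:00 src=10.0.0.5 dst=203.0.113.7:443 bytes=505
2024-01-10T09:02:59 src=10.0.0.5 dst=203.0.113.7:443 bytes=511
2024-01-10T09:03:40 src=10.0.0.8 dst=198.51.100.20:443 bytes=2200
2024-01-10T09:04:01 src=10.0.0.5 dst=203.0.113.7:443 bytes=500
2024-01-10T09:04:02 src=10.0.0.8 dst=198.51.100.20:443 bytes=7800
2024-01-10T09:05:00 src=10.0.0.5 dst=203.0.113.7:443 bytes=503
2024-01-10T09:15:30 src=10.0.0.8 dst=198.51.100.20:443 bytes=15000
2024-01-10T09:16:00 src=10.0.0.8 dst=198.51.100.20:443 bytes=900
"""

# Constructed endpoint log: process-start events from a host agent.
ENDPOINT_LOG = """\
2024-01-10T08:00:00 host=10.0.0.5 pid=1200 image=explorer.exe
2024-01-10T08:59:55 host=10.0.0.5 pid=4120 image=updater.exe
2024-01-10T08:30:00 host=10.0.0.8 pid=2001 image=browser.exe
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")


def parse_log(text):
    """Turn 'timestamp key=value ...' lines into dicts with a datetime 'ts'."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        fields = dict(kv.split("=", 1) for kv in m.group("kv").split())
        fields["ts"] = datetime.fromisoformat(m.group("ts"))
        events.append(fields)
    return events


def find_beacons(proxy_events, min_events=5, max_cv=0.2):
    """Group connections by (src, dst) and flag pairs whose inter-connection
    intervals are nearly constant, i.e. a low coefficient of variation
    (sample standard deviation / mean)."""
    by_pair = defaultdict(list)
    for e in proxy_events:
        by_pair[(e["src"], e["dst"])].append(e["ts"])
    beacons = {}
    for pair, times in by_pair.items():
        if len(times) < min_events:
            continue  # too few samples to judge periodicity
        times.sort()
        intervals = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = sum(intervals) / len(intervals)
        var = sum((i - mean) ** 2 for i in intervals) / (len(intervals) - 1)
        cv = math.sqrt(var) / mean if mean else float("inf")
        if cv <= max_cv:
            beacons[pair] = {"count": len(times), "mean_interval": mean,
                             "cv": cv, "first_seen": times[0]}
    return beacons


def correlate(beacons, endpoint_events, window_seconds=300):
    """For each beaconing pair, list images of processes started on the same
    host within window_seconds before the first beacon was seen."""
    out = {}
    for (src, dst), info in beacons.items():
        hits = []
        for e in endpoint_events:
            delta = (info["first_seen"] - e["ts"]).total_seconds()
            if e["host"] == src and 0 <= delta <= window_seconds:
                hits.append(e["image"])
        out[(src, dst)] = hits
    return out


if __name__ == "__main__":
    found = find_beacons(parse_log(PROXY_LOG))
    for pair, info in found.items():
        print(f"{pair[0]} -> {pair[1]}: {info['count']} connections, "
              f"mean interval {info['mean_interval']:.0f}s, cv {info['cv']:.3f}")
    for pair, images in correlate(found, parse_log(ENDPOINT_LOG)).items():
        print(f"{pair[0]} -> {pair[1]}: processes started shortly before: {images}")
```

On the constructed data only the 10.0.0.5 to 203.0.113.7 pair is flagged: its intervals (61, 59, 59, 62, 59 seconds) give a mean of 60 seconds with a coefficient of variation near 0.02, while the browsing-like traffic varies far too much and the 192.0.2.1 pair has too few events to judge. Correlation then points at `updater.exe`, started five seconds before the first beacon. A practitioner tuning this would lower or raise `max_cv` to account for jitter the operator adds, and would enrich the endpoint side with the asset inventory described in the third bullet so that a process absent from the documented baseline stands out immediately.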

A recent APT attack, Carbanak, is an APT-style campaign targeting mostly (but not limited to) financial institutions. The malware was introduced to its targets via phishing emails, and the hacker group was said to have stolen over 500 million dollars, or 1 billion dollars according to other reports. The victims were not only the banks but also thousands of private customers. The group was discovered in 2015 by the Russian/UK cyber-security company Kaspersky Lab, which said the malware had been used to steal money from banks all over the world.
