Advanced Persistent Threats (APTs) and groups

The term APT is used to describe a stealthy threat actor, frequently but not always state-sponsored, that is known to have gained unauthorised access to computer networks and has remained undetected for an extended period of time.


Threat actors are known to combine multiple tools, tactics and techniques that lead to a successful intrusion. Whilst every component individually may not be "advanced" but rather simple (frequently copy/pasted from other attacks), the combination leads to a sophisticated attack chain that is difficult to detect and contain.


Threat actors are known to have adopted a rather slow but guaranteed-to-work approach. This approach does not bring quick monetisation and success, but in the long run it allows adversaries to achieve their goals: long-term access to networks and compromised devices without triggering detections and alerts from security systems.


APTs are indeed a threat. They are financially or politically driven, and have time to invest in information gathering and trial and error. Although they may develop various tools that help impair defences and evade detection, the majority of actions are executed manually.

Learn more about groups

The MITRE ATT&CK website currently tracks 143 groups and is one of the largest such resources. The tactics and techniques of each group are described in depth, and links to recent news and activities are provided.