Advanced Persistent Threats, or APTs as they are referred to in the industry, are threat actors that attack computer networks to gain unauthorized access. These APTs are largely state-sponsored groups, meaning that they work in an official or unofficial capacity for a government. Other APTs may have limited or no affiliation with a government and may instead be affiliated with political or activist groups; these are generally called hacktivists (think of the group Anonymous here). Another facet of this landscape is understanding that there are APTs with zero affiliation to a government or cause, usually working for themselves or for organized crime groups. We refer to them as FIN actors, due to their heavy focus on financial services and their motivation being profit.

APTs are more prevalent than the average person would like to imagine; these groups have been operating against the United States since the early 2000s. Attacks can be financial in nature or have the potential to be catastrophic. One such catastrophic incident occurred against Iran, with the Stuxnet computer worm. The worm was placed on a thumb drive that was eventually picked up and plugged into a computer on a closed network inside one of Iran’s nuclear plants. The worm took control of the computers in charge of spinning the centrifuges inside the plant. Those computers normally reported on the health and status of the facility’s components. Instead, the worm reported back metrics that would not alarm the engineers, while at the same time throttling the speed at which the centrifuges spun. I know this is wicked science stuff, but stay with me here.

Multiple rounds of rapid acceleration and deceleration caused these centrifuges to rupture internally, completely demolishing any safe operation of the nuclear plant and Iran’s research into nuclear energy and weapons. (Keep in mind that this condenses a very complex cyber attack into a single paragraph.) This single cybersecurity attack could have led to people being injured and, at the very least, damaged billions of dollars of equipment and set back years of research for the Iranians.

This same trick (a thumb drive labeled ‘family photos’) was used when one was dropped outside a U.S. forward operating base in the Middle East. (If you don’t know, this just means a base whose location is generally undisclosed because it is in dangerous or austere territory.) A member of the military (probably Air Force) plugged this drive into a computer and compromised sensitive information relating to the FOB’s mission. This attack was so significant to the United States that the response was to form USCYBERCOM (United States Cyber Command). This ignited an industry that had previously been reserved for nerds in coffee shops and cat people; the cyber security industry was now recognized as essential to the U.S. military and, as we have seen in recent years, to foreign policy.

Look for yourself:

If you are fascinated by APTs and want to learn more, I’d recommend starting here: https://attack.mitre.org/groups/

MITRE is a quasi-government entity that developed the MITRE ATT&CK framework. This is a framework for nerds and cyber security experts like me, where you can view all the known attack vectors that different APTs use. This particular link is more for exploring the vastly different APTs that are out there. China, Russia, Iran, and North Korea have some very interesting stories and groups. You will find that each APT has different charges and ideologies, as well as behaviors (we call these behaviors TTPs: tactics, techniques, and procedures). You’ll notice that they target specific groups and have various motivations as well. For instance, you will find that North Korean APTs are, first, mostly operating out of China rather than their mother country, and secondly, focused on crypto markets and loosely regulated banks. This is because their charge is to gather funds for the North Korean government. You will see in your own research that North Korea, the Lazarus Group specifically, had a very deep understanding of how the banking system works and was able to steal $951 million from legitimate banks, moving it to banks owned by North Korea. The only reason they were caught is that the bank they used had the exact same name as a ship the government was tracking. The name was flagged and sent an alert to the government, which was able to identify that the money transfer was not legitimate and was caused by a cyber attack.
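The group pages on the ATT&CK site are generated from MITRE’s published STIX data, where each group is an `intrusion-set`, each technique an `attack-pattern`, and the link between them a `uses` relationship. As an added example (not code from the original post or from MITRE), the snippet below indexes a bundle in that shape so a defender can answer two questions quickly: which TTPs does a given group use, and which groups use a given technique (here, the removable-media technique behind both thumb-drive stories above). The bundle, the group IDs G9001/G9002, and the revoked technique T9999 are constructed for this example; the technique IDs T1091 and T1566 are real ATT&CK IDs, and the handling of `revoked` / `x_mitre_deprecated` objects is a caveat you will need with the real data.

```python
"""Index an ATT&CK-style STIX 2.1 bundle: techniques per group, groups per technique.

The bundle below is CONSTRUCTED for this example. It only mimics the shape of
the real ATT&CK data (intrusion-set, attack-pattern, 'uses' relationships).
"""
import json
from collections import defaultdict

GROUP_A = "intrusion-set--00000000-0000-4000-8000-00000000000a"
GROUP_B = "intrusion-set--00000000-0000-4000-8000-00000000000b"
TECH_USB = "attack-pattern--00000000-0000-4000-8000-000000001091"   # T1091
TECH_PHISH = "attack-pattern--00000000-0000-4000-8000-000000001566"  # T1566
TECH_OLD = "attack-pattern--00000000-0000-4000-8000-000000009999"    # revoked

def _ref(ext_id):
    return [{"source_name": "mitre-attack", "external_id": ext_id}]

SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--11111111-1111-4111-8111-111111111111",
    "objects": [
        {"type": "intrusion-set", "id": GROUP_A, "name": "Example Group A",
         "external_references": _ref("G9001")},
        {"type": "intrusion-set", "id": GROUP_B, "name": "Example Group B",
         "external_references": _ref("G9002")},
        {"type": "attack-pattern", "id": TECH_USB,
         "name": "Replication Through Removable Media",
         "external_references": _ref("T1091")},
        {"type": "attack-pattern", "id": TECH_PHISH, "name": "Phishing",
         "external_references": _ref("T1566")},
        # Revoked objects stay in the real bundle; an index must skip them.
        {"type": "attack-pattern", "id": TECH_OLD, "name": "Old Technique",
         "revoked": True, "external_references": _ref("T9999")},
        {"type": "relationship", "relationship_type": "uses",
         "source_ref": GROUP_A, "target_ref": TECH_USB},
        {"type": "relationship", "relationship_type": "uses",
         "source_ref": GROUP_A, "target_ref": TECH_PHISH},
        {"type": "relationship", "relationship_type": "uses",
         "source_ref": GROUP_B, "target_ref": TECH_USB},
        {"type": "relationship", "relationship_type": "uses",
         "source_ref": GROUP_B, "target_ref": TECH_OLD},
    ],
})

def attack_id(obj):
    """Return the ATT&CK external ID (G#### / T####) of a STIX object, or None."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None

def is_active(obj):
    """ATT&CK keeps revoked/deprecated objects in the bundle; ignore them."""
    return not obj.get("revoked", False) and not obj.get("x_mitre_deprecated", False)

def index_bundle(text):
    """Build group and technique tables plus a group -> {technique} map."""
    bundle = json.loads(text)
    groups, techniques, uses = {}, {}, defaultdict(set)
    for obj in bundle["objects"]:
        if not is_active(obj):
            continue
        if obj["type"] == "intrusion-set":
            groups[obj["id"]] = obj
        elif obj["type"] == "attack-pattern":
            techniques[obj["id"]] = obj
    for obj in bundle["objects"]:
        if (obj["type"] == "relationship" and obj.get("relationship_type") == "uses"
                and is_active(obj) and obj["source_ref"] in groups
                and obj["target_ref"] in techniques):
            uses[obj["source_ref"]].add(obj["target_ref"])
    return groups, techniques, uses

def techniques_by_group(text):
    """Map each group's ATT&CK ID to a sorted list of (technique ID, name)."""
    groups, techniques, uses = index_bundle(text)
    return {attack_id(g): sorted((attack_id(techniques[t]), techniques[t]["name"])
                                 for t in uses[gid])
            for gid, g in groups.items()}

def groups_using(text, technique_id):
    """Sorted ATT&CK IDs of the groups whose 'uses' edges hit technique_id."""
    groups, techniques, uses = index_bundle(text)
    return sorted(attack_id(groups[gid]) for gid, tids in uses.items()
                  if any(attack_id(techniques[t]) == technique_id for t in tids))

if __name__ == "__main__":
    for gid, ttps in techniques_by_group(SAMPLE_BUNDLE).items():
        print(gid, ttps)
    print("Groups using T1091:", groups_using(SAMPLE_BUNDLE, "T1091"))
```

Pointed at the real enterprise ATT&CK bundle instead of `SAMPLE_BUNDLE`, the same two functions give you the TTP list you would otherwise click through group by group, which is the starting point for checking that your detections cover the techniques the groups you care about actually use.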
