Focus Advanced Persistent Threat (APT)

What do we know about silent attacks aimed at stealing data?
APTs are threats that operate under the radar and are one of the most insidious tools in the hands of hackers. They are not “explosive” or immediately visible attacks, but silent, prolonged and meticulous operations that aim to steal sensitive information without arousing suspicion.
What are APTs (Advanced Persistent Threats)?
APTs are, in effect, cyber-espionage campaigns: they are distinguished by their ability to penetrate systems and maintain unauthorized access for extended periods of time, with the aim of exfiltrating data. Their strength lies in being silent: hackers do not seek to cause immediate and visible damage, but rather to be unseen for as long as possible, to maximize the value of stolen information.
Target case: supply chain compromise
The Supply Chain Attack is a cyber-attack that aims to harm an organisation by targeting the least secure elements in its supply chain. In essence, such an attack exploits trust and privileged access between the entities involved in the chain, taking advantage of weak points to gain unauthorized access and perform malicious actions.
An emblematic example dates to 2013: the attack on the retail chain Target. The attackers first compromised a small HVAC supplier to gain access to the internal network (Supply Chain Attack) and, once inside, moved laterally through the network until they reached the payment systems. The attack lasted several months and led to the theft of more than 40 million credit card records and the personal data of 70 million customers.
The cyber kill-chain of an APT
To understand the dynamics of an APT, it is useful to analyse the so-called “cyber kill-chain”, a model that divides the attack into several phases:
- Gain access: Attackers exploit vulnerabilities or social engineering techniques, such as spear phishing, to obtain login credentials.
- Consolidate their presence: Once inside, they set up backdoors and modify logs to avoid detection, creating the conditions for a prolonged attack.
- Privilege escalation: Attackers try to gain administrative privileges to extend their control over the network and access more sensitive data.
- Lateral movement: They use compromised credentials to move around the network, probing other segments and looking for more useful information.
- Acquisition of information: Finally, they exfiltrate data. Often the attackers and their actions are not discovered for months or even years.
The theft of data from Sony Pictures
Another significant case is the 2014 attack on Sony Pictures, attributed to the APT group known as Lazarus, presumably linked to North Korea. This attack followed the cyber kill-chain in an exemplary way: the hackers gained initial access via spear phishing, consolidated their presence with backdoors and then extracted sensitive data, including corporate emails and as yet unreleased movies. The attack caused huge reputational and financial damage, demonstrating the devastating impact that an APT can have on a large company.
How to prevent and combat APTs
Countering a threat such as APTs requires a proactive, multi-layered security strategy.
Here are some measures that can make a difference:
- Continuous monitoring of network traffic: Crucial to detect suspicious activities and attempts to exfiltrate data.
- Implementation of whitelisting: Restricting access to only approved domains and software drastically reduces the chances of an attack being successful.
- Training of staff: The first point of access for attackers is often the users, so ongoing training on phishing and social engineering is essential.
- Access control: Implement strict access control policies, including multi-factor authentication (MFA), to limit damage in the event of credentials being compromised.
No worries with the Cyber Security Agger solution
APT attacks are one of the most serious and difficult-to-detect threats in the world of cybersecurity, but, thanks to its sophisticated multi-level control and response system, Agger is your ideal ally.