What Is an Advanced Persistent Threat?

An advanced persistent threat is a type of cyber threat often associated with malicious computer use and activities such as hacking. What differentiates this type of threat from other hacking attempts are the two primary aspects of the term itself, the fact that it can be quite advanced and that these attempts are persistent. This type of threat is often sponsored by a nation or a large organization, and so it has greater resources and capabilities than a lone hacker or a small group. An advanced persistent threat also typically targets a particular system for a certain purpose that goes beyond basic theft or computer abuse.

The origins of the term “advanced persistent threat” are somewhat unclear, but it likely stems from a government agency or military organization within the US. In general usage, it can refer to any type of ongoing and maintained cyber attack against a large target, such as a country’s defense organization or a major corporation. Though an advanced persistent threat can come from just about any well-organized source, it typically refers to acts of cyberterrorism or cyber-espionage that are government funded and sponsored. Many countries not only engage in this type of espionage, but have also developed organizations and military groups responsible for defending against these types of attacks.

One of the areas of disagreement and inconsistency with reference to the name “advanced persistent threat” is in the first word: advanced. This implies that these threats utilize complicated or very advanced technology or software, while this is not always the case. An advanced persistent threat can use basic types of malicious software to launch an attack against a group. The way in which this malware is initially used and escalated, however, is what makes these threats so troublesome to organizations and countries.

This largely comes from the signature aspect of an advanced persistent threat, the fact that it is persistent and ongoing. While fairly simple malware may be used in an initial attack, if this is defended against, then the attack is likely to escalate and more complex or advanced software may then be used. The goal of an advanced persistent threat is typically to attack a specific system and obtain information or data that can be used in a particular way. This type of drive and organizational objective separates these attacks from other hacking attempts that may be intended to disrupt commerce, and provides the impetus for ongoing attempts to steal sensitive data or sabotage an enemy system.