APT Secrets: The Spy Who Never Left the Building

Understanding Advanced Persistent Threats through the life of a covert spy mission.


Today let's learn more cyber security concepts. We'll create another scenario. They say change is the core factor in human life, so let's change the learning path as well. Usually I make up the whole scene and then describe the bits. Today we will make the bits first and add them all together to make a new story.

The first bit is when a spy enters one of a country's government offices, sneaking in with a false identity or through a gate where there is low security or no security at all (a loophole that has not been identified yet). That is now a matter of national security: an infection has happened inside a government office.

The second bit is the hiding of that spy. Remember, it entered unauthorized and with a false identity, so it has to keep up its act to stay inside and blend in with the legitimate employees so that no doubts are raised. Persistence is needed before taking any action.

The third bit is the communication the spy needs to survive and to convey confidential information to complete its mission. Communication with whom? The one who sent it in, the one who is directing the whole plan. The spy is just the medium.

The fourth and final bit is to checkmate the nation's security system and completely, ruthlessly destroy the nation. Control is the final act. That means the spy, now inside the office, slowly and steadily damages the government office, with all commands and control over the spy coming from its controller (the head).

And friends that’s how a successful spy mission is achieved.

Joining all these bits makes up a simplified life cycle of an operation carried out by an APT.

Advanced Persistent Threat: the ace master of all cyber-attacks, who rarely fails on their mission.

An APT is a prolonged, stealthy, and continuous cyberattack in which an unauthorized, highly skilled, and well-funded group (often nation-state sponsored) gains access to a network and remains undetected for an extended period.

Let's join all these dots together.

The first bit is where I said the infection happened. APT groups gain access to their target through vulnerabilities already inside the system or through techniques like social engineering, phishing or stolen credentials.

Now that the virus or infected software is inside the boundary, it plays safe.

In the second bit of the story, the APT's weapon or infected software stays persistent with no big action.

The third bit is where they communicate with the controller and get the go sign. In cyber security this communication is often called Command and Control (C2), where the infected system communicates with the attacker and receives instructions.
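Here is an added example, not from the original post, of the defender's view of that third bit: a small Python script that scans constructed outbound connection records for a host that checks in with one destination at a suspiciously regular interval, the steady "phone home" rhythm a C2 beacon tends to leave in logs. The log format, hostnames, addresses and thresholds are all assumptions made for the example.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample records: "<timestamp> <source host> <destination>".
# Host "ws-07" contacts one destination every ~60 s with little jitter
# (beacon-like); "ws-02" browses a few sites at irregular times.
SAMPLE_LOG = """\
2024-03-01T09:00:00 ws-07 203.0.113.10:443
2024-03-01T09:00:03 ws-02 198.51.100.5:443
2024-03-01T09:01:01 ws-07 203.0.113.10:443
2024-03-01T09:01:40 ws-02 198.51.100.7:443
2024-03-01T09:02:00 ws-07 203.0.113.10:443
2024-03-01T09:02:05 ws-02 198.51.100.5:443
2024-03-01T09:03:02 ws-07 203.0.113.10:443
2024-03-01T09:03:50 ws-02 198.51.100.9:443
2024-03-01T09:04:00 ws-07 203.0.113.10:443
2024-03-01T09:05:01 ws-07 203.0.113.10:443
"""

def parse_log(text):
    """Group connection timestamps by (source host, destination) pair."""
    pairs = defaultdict(list)
    for line in text.splitlines():
        ts, src, dst = line.split()
        pairs[(src, dst)].append(datetime.fromisoformat(ts))
    return pairs

def find_beacons(text, min_conns=5, max_jitter_ratio=0.1):
    """Return {pair: mean gap in seconds} for pairs whose connection gaps
    are very regular: at least `min_conns` connections and a gap standard
    deviation no more than `max_jitter_ratio` of the mean gap.
    Both thresholds are illustrative assumptions, not tuned values."""
    flagged = {}
    for pair, times in parse_log(text).items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean_gap = statistics.mean(gaps)
        if mean_gap > 0 and statistics.pstdev(gaps) / mean_gap <= max_jitter_ratio:
            flagged[pair] = round(mean_gap, 1)
    return flagged

if __name__ == "__main__":
    for (src, dst), period in find_beacons(SAMPLE_LOG).items():
        print(f"possible beacon: {src} -> {dst} every ~{period}s")
```

Real beacons often add random sleep jitter, so in practice the jitter threshold and the observation window have to be wider than in this toy sample.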

Now, finally, the infected system stays under the control of the group.

It all ends up in a cyber-attack as a result.

INFECTION, PERSISTENCE, COMMUNICATION, CONTROL.

That’s what all happened.