What is this APT Thing, Anyway?

The term APT (Advanced Persistent Threat) has been tossed about in various forums and associated with security, hacking, terrorism, state-sponsored attacks, botnets, advanced malware, next-generation malware, and so on. The net result is that the term means quite different things to different people. Gunter Ollman, VP of Research at Damballa, talks about the futility of defining what an Advanced Persistent Threat is, and is not.

I subscribe to this simplified definition: a malicious software threat of sufficient engineering and limited, targeted deployment so as to defeat signature-based scanners. It is advanced in that it is tactically made to target an individual, business, or organization. It is persistent in that its strategically contained distribution and reduced potential for noise generation allow it to remain covertly deployed.

Damballa Blog