Advanced Persistent Threats


APT groups, attack lifecycles, detection strategies, and defense against nation-state actors.

Overview

APTs are sophisticated, long-running intrusions in which a well-resourced actor, often nation-state backed, gains covert access to a target network and keeps it over an extended period rather than causing immediate, visible damage.

APT Lifecycle

1. Initial Compromise
   → Spear phishing, zero-days

2. Establish Foothold
   → Backdoors, web shells

3. Escalate Privileges
   → Credential theft, exploits

4. Internal Reconnaissance
   → Network mapping

5. Lateral Movement
   → Pass-the-hash, RDP

6. Data Exfiltration
   → Covert channels

Notable APT Groups

Group        Origin         Targets
APT29        Russia         Government, healthcare
APT41        China          Technology, telecom
Lazarus      North Korea    Financial, crypto
OceanLotus   Vietnam        Maritime, media

Detection Strategies

# APT detection indicators, grouped by where the telemetry comes from
indicators = {
    # Network telemetry: NetFlow, proxy and DNS logs
    "network": [
        "beaconing_patterns",      # regular call-backs to the same external host
        "dns_tunneling",           # long, high-entropy subdomains and high query volume
        "unusual_ports"
    ],
    # Host telemetry: EDR, process creation and registry/autostart monitoring
    "host": [
        "unusual_processes",
        "persistence_mechanisms",  # scheduled tasks, services, run keys
        "credential_access"        # LSASS access, credential dumping
    ],
    # Data movement: file servers, cloud storage and egress volume
    "data": [
        "unusual_data_transfers",
        "large_downloads",
        "compression_activity"     # staging archives before exfiltration
    ]
}
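The "dns_tunneling" indicator above is worth showing concretely. The following is an added example, not code from the original lesson: it parses a few constructed DNS query log lines, measures the length and Shannon entropy of the longest subdomain label per query, and flags registrable domains whose queries consistently carry long, high-entropy labels. The log format, the thresholds, and the simplification that the registrable domain is the last two labels (no public-suffix list) are all assumptions of this example.

```python
import math
from collections import defaultdict

# Constructed sample log lines: "<unix_ts> <client_ip> <queried_name>".
# exfil-test.invalid uses the reserved .invalid TLD and stands in for a
# tunnelling domain; example.com lines are ordinary lookups.
SAMPLE_DNS_LOG = """\
1700000001 10.0.0.5 www.example.com
1700000002 10.0.0.5 mail.example.com
1700000003 10.0.0.7 abcdefghijklmnopqrstuvwxyz234567abcdefghijklmnop.exfil-test.invalid
1700000004 10.0.0.9 cdn.example.com
1700000005 10.0.0.7 qrstuvwxyz234567abcdefghijklmnopqrstuvwxyz234567.exfil-test.invalid
1700000006 10.0.0.5 static-content-delivery.example.com
1700000007 10.0.0.7 234567abcdefghijklmnopqrstuvwxyz234567abcdefghij.exfil-test.invalid
"""


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character; 0.0 for a single repeated symbol."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def split_name(name: str):
    """Return (subdomain_labels, registrable_domain).

    Assumption: the registrable domain is the last two labels. A real
    deployment would use a public-suffix list (co.uk etc.)."""
    labels = name.rstrip(".").lower().split(".")
    return labels[:-2], ".".join(labels[-2:])


def analyse_dns(log_text: str, min_label_len: int = 30,
                min_entropy: float = 3.5, min_queries: int = 3,
                min_long_ratio: float = 0.8) -> dict:
    """Flag domains whose queries look like an encoded data channel.

    Per registrable domain we track query count, distinct clients, how many
    queries carried a subdomain label of at least min_label_len characters,
    and the average entropy of the longest label."""
    stats = defaultdict(lambda: {"queries": 0, "clients": set(),
                                 "long_labels": 0, "entropy_sum": 0.0})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, client, name = line.split()
        subs, domain = split_name(name)
        s = stats[domain]
        s["queries"] += 1
        s["clients"].add(client)
        if subs:
            longest = max(subs, key=len)
            s["entropy_sum"] += shannon_entropy(longest)
            if len(longest) >= min_label_len:
                s["long_labels"] += 1

    flagged = {}
    for domain, s in stats.items():
        avg_entropy = s["entropy_sum"] / s["queries"]
        long_ratio = s["long_labels"] / s["queries"]
        if (s["queries"] >= min_queries and long_ratio >= min_long_ratio
                and avg_entropy >= min_entropy):
            flagged[domain] = {
                "queries": s["queries"],
                "clients": len(s["clients"]),
                "avg_subdomain_entropy": round(avg_entropy, 2),
            }
    return flagged


if __name__ == "__main__":
    for domain, info in analyse_dns(SAMPLE_DNS_LOG).items():
        print(f"possible DNS tunnelling: {domain} {info}")
```

Thresholds are the tuning knobs: CDN and anti-spam services legitimately use long hashed labels, so in practice the domain allow-list and the per-client query volume matter as much as the entropy score.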

Defense Strategies

Layer        Controls
Prevention   EDR, email security
Detection    SIEM, threat hunting
Response     IR plan, forensics
Recovery     Backups, business continuity

Threat Hunting for APTs

-- Hunt for beaconing: a source that talks to the same destination many times
-- with very little variation suggests an automated call-back rather than a user.
-- The thresholds (100 connections, standard deviation under 10) are starting
-- points to tune against the environment's baseline.
SELECT src_ip, dst_ip, COUNT(*) AS connections,
       STDDEV(connection_duration) AS jitter
FROM connections
WHERE connection_duration > 0
GROUP BY src_ip, dst_ip
HAVING COUNT(*) > 100 AND STDDEV(connection_duration) < 10;
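The same hunt can be run outside a database, and it is usually more telling to measure the regularity of the time between connections than the duration of each one. The following is an added example, not part of the original lesson: it groups constructed connection log lines by source and destination, computes the inter-arrival intervals, and flags pairs whose coefficient of variation (standard deviation divided by mean interval) is low. The log format, the 203.0.113.0/24 and 198.51.100.0/24 documentation addresses, and the thresholds are assumptions of this example; the count threshold is far lower than the query's 100 only because the sample is small.

```python
import statistics
from collections import defaultdict

# Constructed sample lines: "<unix_ts> <src_ip> <dst_ip> <dst_port> <duration_s>".
# 10.0.0.23 calls 203.0.113.10 roughly every 60 s (a few seconds of jitter);
# 10.0.0.5 reaches 198.51.100.7 at irregular, human-looking times.
SAMPLE_CONN_LOG = """\
1700000000 10.0.0.23 203.0.113.10 443 0.4
1700000000 10.0.0.5 198.51.100.7 443 12.0
1700000035 10.0.0.5 198.51.100.7 443 3.1
1700000062 10.0.0.23 203.0.113.10 443 0.5
1700000119 10.0.0.23 203.0.113.10 443 0.4
1700000181 10.0.0.23 203.0.113.10 443 0.4
1700000238 10.0.0.23 203.0.113.10 443 0.6
1700000300 10.0.0.23 203.0.113.10 443 0.4
1700000361 10.0.0.23 203.0.113.10 443 0.3
1700000410 10.0.0.5 198.51.100.7 443 40.2
1700000419 10.0.0.23 203.0.113.10 443 0.4
1700000482 10.0.0.23 203.0.113.10 443 0.5
1700000540 10.0.0.23 203.0.113.10 443 0.4
1700000598 10.0.0.23 203.0.113.10 443 0.4
1700000661 10.0.0.23 203.0.113.10 443 0.5
1700001205 10.0.0.5 198.51.100.7 443 1.0
1700001230 10.0.0.5 198.51.100.7 443 7.7
1700002999 10.0.0.5 198.51.100.7 443 2.2
1700003400 10.0.0.5 198.51.100.7 443 0.9
"""


def parse_connections(log_text: str) -> dict:
    """Group connection timestamps by (src_ip, dst_ip), sorted in time order."""
    by_pair = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, _port, _duration = line.split()
        by_pair[(src, dst)].append(int(ts))
    for pair in by_pair:
        by_pair[pair].sort()
    return by_pair


def find_beacons(log_text: str, min_connections: int = 6,
                 max_cv: float = 0.2) -> dict:
    """Flag (src, dst) pairs whose inter-arrival intervals are suspiciously regular.

    cv = stdev(intervals) / mean(intervals). A human browsing session has a
    cv near or above 1; a sleep-and-callback implant with small jitter sits
    well below 0.2. Pairs with too few connections are skipped because a
    handful of intervals cannot establish regularity."""
    flagged = {}
    for (src, dst), times in parse_connections(log_text).items():
        if len(times) < min_connections:
            continue
        intervals = [b - a for a, b in zip(times, times[1:])]
        mean_interval = statistics.mean(intervals)
        if mean_interval <= 0:
            continue  # duplicate timestamps only; nothing to measure
        cv = statistics.pstdev(intervals) / mean_interval
        if cv <= max_cv:
            flagged[(src, dst)] = {
                "connections": len(times),
                "mean_interval": round(mean_interval, 1),
                "cv": round(cv, 3),
            }
    return flagged


if __name__ == "__main__":
    for (src, dst), info in find_beacons(SAMPLE_CONN_LOG).items():
        print(f"possible beacon {src} -> {dst}: {info}")
```

Two refinements a real hunt adds: exclude known update and telemetry destinations before scoring, and widen the window, since implants with multi-hour sleeps or randomised jitter above 20 percent will not cross a fixed cv threshold on an hour of data.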

Practice

Hunt for APT indicators in a sample dataset.
