A Study on Advanced Persistent Threats

  • Ping Chen
  • Lieven Desmet
  • Christophe Huygens
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8735)


A recent class of threats, known as Advanced Persistent Threats (APTs), has drawn increasing attention from researchers, primarily from the industrial security sector. APTs are cyber attacks executed by sophisticated and well-resourced adversaries targeting specific information in high-profile companies and governments, usually in a long term campaign involving different steps. To a significant extent, the academic community has neglected the specificity of these threats and as such an objective approach to the APT issue is lacking. In this paper, we present the results of a comprehensive study on APT, characterizing its distinguishing characteristics and attack model, and analyzing techniques commonly seen in APT attacks. We also enumerate some non-conventional countermeasures that can help to mitigate APTs, hereby highlighting the directions for future research.


advanced threat APT sophisticated attacks cyber security 


  1. 1.
    Alperovitch, D.: Revealed: Operation Shady RAT (2011)Google Scholar
  2. 2.
    Bejtlich, R.: What Is APT and What Does It Want (2010),
  3. 3.
    Bennett, J.T., et al.: Poison Ivy: Assessing Damage and Extracting Intelligence (2013)Google Scholar
  4. 4.
    Giura, P., Wang, W.: Using large scale distributed computing to unveil advanced persistent threats. SCIENCE 1(3) (2013)Google Scholar
  5. 5.
    Gragido, W.: Lions at the Watering Hole – The “VOHO” Affair (2012),
  6. 6.
    Haq, T., Khalid, Y.: Internet Explorer 8 Exploit Found in Watering Hole Campaign Targeting Chinese Dissidents (2013)Google Scholar
  7. 7.
    Hutchins, E.M., et al.: Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains. In: Proceedings of the 6th International Conference on Information Warfare and Security (2013)Google Scholar
  8. 8.
    ISACA. Advanced Persistent Threat Awareness (2013)Google Scholar
  9. 9.
    Kaspersky. The Icefog APT: A Tale of Cloak and Three Daggers (2013)Google Scholar
  10. 10.
    Kindlund, D., et al.: Operation SnowMan: DeputyDog Actor Compromises US Veterans of Foreign Wars Website (2014)Google Scholar
  11. 11.
    FireEye Labs. Fireeye advanced threat report 2013 (2014)Google Scholar
  12. 12.
    McAfee Labs. Protecting Your Critical Assets: Lessons Learned from “Operation Aurora” (2010)Google Scholar
  13. 13.
    Liu, S.-T., Chen, Y.-M., Lin, S.-J.: A novel search engine to uncover potential victims for APT investigations. In: Hsu, C.-H., Li, X., Shi, X., Zheng, R. (eds.) NPC 2013. LNCS, vol. 8147, pp. 405–416. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  14. 14.
    Mandiant. The Advanced Persistent Threat (2010)Google Scholar
  15. 15.
    Mandiant. APT1: Exposing One of China’s Cyber Espionage Unit (2013)Google Scholar
  16. 16.
    Information Warfare Monitor and Shadowserver Foundation. Shadows in the Cloud: Investigating Cyber Espionage 2.0 (2010)Google Scholar
  17. 17.
    NIST. Managing Information Security Risk: Organization, Mission, and Information System View. SP 800-39 (2011)Google Scholar
  18. 18.
    O’Gorman, G., McDonald, G.: The Elderwood Project (2012)Google Scholar
  19. 19.
    Zubair Rafique, M., et al.: Evolutionary algorithms for classification of malware families through different network behaviors. In: Proceedings of the Genetic and Evolutionary Computation Conference (2014)Google Scholar
  20. 20.
    Rivner, U.: Anatomy of an Attack (2011),
  21. 21.
    Schmid, M., et al.: Protecting data from malicious software. In: Proceedings of the 18th Annual Computer Security Applications Conference, IEEE (2002)Google Scholar
  22. 22.
    Singh, A., Bu, Z.: Hot Knives Through Butter: Evading File-based Sandboxes (2014)Google Scholar
  23. 23.
    Symantec. Advanced Persistent Threats: A Symantec Perspective (2011)Google Scholar
  24. 24.
    Tankard, C.: Advanced Persistent Threats and how to monitor and deter them. Network security 2011(8), 16–19 (2011)CrossRefGoogle Scholar
  25. 25.
    Thomson, G.: APTs: a poorly understood challenge. Network Security 2011(11), 9–11 (2011)CrossRefGoogle Scholar
  26. 26.
    Thonnard, O., Bilge, L., O’Gorman, G., Kiernan, S., Lee, M.: Industrial espionage and targeted attacks: Understanding the characteristics of an escalating threat. In: Balzarotti, D., Stolfo, S.J., Cova, M. (eds.) RAID 2012. LNCS, vol. 7462, pp. 64–85. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  27. 27.
    TrendLabs. Spear-Phishing Email: Most Favored APT Attack Bait (2012)Google Scholar
  28. 28.
    Villeneuve, N., Bennett, J.T.: XtremeRAT: Nuisance or Threat (2014)Google Scholar
  29. 29.
    Villeneuve, N., et al.: Operation Ke3chang: Targeted Attacks Against Ministries of Foreign Affairs (2013)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2014

Authors and Affiliations

  • Ping Chen
    • 1
  • Lieven Desmet
    • 1
  • Christophe Huygens
    • 1
  1. 1.iMinds-DistriNetKU LeuvenLeuvenBelgium

Personalised recommendations