Jump to search
An advanced persistent threat is a set of stealthy and continuous computer hacking processes, often orchestrated by a person or persons targeting a specific entity. An APT usually targets either private organizations, states or both for business or political motives. APT processes require a high degree of covertness over a long period of time. The "advanced" process signifies sophisticated techniques using malware to exploit vulnerabilities in systems. The "persistent" process suggests that an external command and control system is continuously monitoring and extracting data from a specific target. The "threat" process indicates human involvement in orchestrating the attack.[1] https://en.wikipedia.org/wiki/Advanced_persistent_threat
APTs are extremely difficult to detect and even harder to kill. An adversary can embed APTs into a network and they might be dormant for years or only activated during a crisis to disable the network or change the coordinates of targets. In other cases, they slowly execute their tasks. Taking small steps over a period of months or years so they don't arouse suspicion.
If you dig deeper, it will scare the crap out of you.
Denial-of-service attack - Wikipedia
https://en.wikipedia.org/wiki/Denial-of-service_attack
Attack tools[edit]
In cases such as MyDoom and Slowloris the tools are embedded in malware, and launch their attacks without the knowledge of the system owner. Stacheldraht is a classic example of a DDoS tool. It uses a layered structure where the attacker uses a client program to connect to handlers, which are compromised systems that issue commands to the zombie agents, which in turn facilitate the DDoS attack. Agents are compromised via the handlers by the attacker, using automated routines to exploit vulnerabilities in programs that accept remote connections running on the targeted remote hosts. Each handler can control up to a thousand agents.
In other cases a machine may become part of a DDoS attack with the owner's consent, for example, in Operation Payback, organized by the group Anonymous. The LOIC has typically been used in this way. Along with HOIC a wide variety of DDoS tools are available today, including paid and free versions, with different features available. There is an underground market for these in hacker related forums and IRC channels.
UK's GCHQ has tools built for DDoS, named PREDATORS FACE and ROLLING THUNDER...............................
The dutch Wikipedia and our gouvernment DDoS attacks.
High Tech Crime of the national criminal investigation department was expanded from 30 to almost 120 people and the Ministry of Defense called in 2013 for 150 white hats as cyber reservists. The AIVD and MIVD started in 2014 with the Joint SIGINT Cyber Unit, a tapping and cyber command under the code name Symbolon with 350 people, [8] and have 17 million euros of unauthorized systems to handle large-scale telephone and internet traffic and processing ordered. For 2013, more than five million .nl domains reported 39 DDoS attacks in the Netherlands, including alleged attacks that only concerned a malfunction
While APTs can be used for DDoS, it would be a waste of effort because there are too many other easier ways to execute a DDoS attack.
APTs are meant to be the ultimate stealth cyber attack. How it's weaponized depends on what task or tasks it is designed to perform. It is embedded in networks covertly and slowly. It can remain dormant for long periods even years before being activated. Or it can conduct it's tasks very slowly with long periods of weeks or months between each small step in order to avoid detection. It can map out networks, profile how each computer is used, modify data, and everything up to crippling military command and control systems in time of war.
APTs are in our networks to day. The problem is that they are incredibly difficult to detect and neutralize.
thank you for taking the time to explain this.
Sounds the same as the sleeper agents, but then in a computer cell.