Hackers do not always exploit an organisation's security infrastructure for one-time access or immediate gains. They may bypass security controls and gain access to an organisation's network with the intent of staying within that network for a long period (anything from 1 week to 20 years). This kind of attack is called an "Advanced Persistent Threat".
Advanced Persistent Threats (APTs) are cyber-attacks in which hackers gain access to a network and remain undetected for a (long) time. Taken literally, the name fits: the attacks are advanced, they involve persistence within a network, and they pose a huge threat to the victim. The intent of APTs is mostly centred on stealing sensitive information over time, monitoring network activity and/or establishing organisational behavioural patterns. The information gained from this exercise can then be used for other purposes (theft, data leaks, political purposes).
How do Hackers Execute APTs?
Stealth is a very important tool in a hacker's skillset, and Advanced Persistent Threats require all the stealth in a hacker's toolkit. However, hackers first must gain access to the network through phishing and/or other basic hacking techniques. Afterwards, the hacker uses continuous, sophisticated techniques and his understanding of computer systems to remain undetected in the network for as long as he wishes. During this extended presence within the network, the hacker's goal is to gain root/system/admin access rights (via privilege escalation techniques). This gives him easier access to all sections of the network (via lateral movement techniques) and makes it easier for him to cover his tracks.
Advanced Persistent Threat (APT) Attacks can be explained in 5 basic steps:
- Infiltration / Initial Compromise: Gain access to the target network via phishing and/or other basic hacking techniques
- Create Command & Control Center: The hacker installs remote administration software in the victim's network (called a Command & Control setup). From his own system (the Command & Control server), the hacker can transmit commands to one or more systems in the victim's network. Backdoors are also created to ensure that the hacker has continuous access to the target network.
- Privilege Escalation & Lateral Movement: After a foothold is gained, hackers need to broaden their presence within the network. The best way to do this is to increase the privileges available to the hacker (gain admin status). The hacker also tries to gain access to different workstations and segments of the victim's network (lateral movement). This can be done using several techniques, including "Pass the Hash", "SSH Hijacking", etc. Privilege escalation and lateral movement allow the attacker to fulfil his reasons for the attack.
- Complete Mission: The hacker can perform any range of activities including (but not limited to) data exfiltration, theft, etc.
- Cover Tracks: As the name implies, perpetrators of advanced persistent threats (APT) are experienced hackers with extensive knowledge of how to cover their tracks in a network. APTs almost always end with the hackers cleaning up most of their digital footprints within the victim's network (mostly by deleting logs of their activities). Covering tracks is especially important if the APT is politically motivated.
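The Command & Control stage above is one a defender can look for in outbound connection logs: an implant polling its server tends to connect on a near-metronomic schedule. The following is an added example (not code from the original article) that flags host/destination pairs whose connection intervals are almost constant; the sample records, the address 203.0.113.7 and the thresholds are constructed assumptions.

```python
"""Added example, not from the original article: a small beaconing detector
for the Command & Control stage. It reads constructed connection records
(source host, destination, timestamp) and flags destinations a host contacts
at nearly regular intervals. Thresholds are assumptions, not page values."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample records: (src_host, dst, epoch_seconds).
# host-a polls 203.0.113.7 (documentation-range address, constructed) every
# ~300 s with a little jitter; host-b visits a web site at irregular times.
SAMPLE_CONNECTIONS = (
    [("host-a", "203.0.113.7", 1_700_000_000 + 300 * i + (i % 3))
     for i in range(12)]
    + [("host-b", "example.com", 1_700_000_000 + t)
       for t in (0, 7, 95, 96, 410, 1800, 1803, 5000)]
)


def find_beacons(conns, min_events=8, max_cv=0.1):
    """Return {(src, dst): mean_interval} for pairs whose inter-connection
    gaps are nearly constant. cv = stdev / mean; a low coefficient of
    variation means a clock-driven schedule rather than human browsing.
    min_events and max_cv are assumed thresholds; tune them to your logs."""
    by_pair = defaultdict(list)
    for src, dst, ts in conns:
        by_pair[(src, dst)].append(ts)
    beacons = {}
    for pair, times in by_pair.items():
        if len(times) < min_events:
            continue  # too few samples to judge regularity
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            beacons[pair] = avg
    return beacons


if __name__ == "__main__":
    for (src, dst), interval in find_beacons(SAMPLE_CONNECTIONS).items():
        print(f"possible beacon: {src} -> {dst} every ~{interval:.0f}s")
```

Regular-interval traffic is only a lead, not proof: software updaters and monitoring agents beacon too, so the hit list is a starting point for triage against known-good destinations.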