Advanced Persistent Threat (APT)

1. An adversary who possesses sophisticated levels of expertise and significant resources that allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception). (From: NIST SP 800-53 Rev 4) (NICCS).

These objectives typically include establishing and extending footholds within the information technology infrastructure of the targeted organizations for purposes of exfiltrating information, undermining or impeding critical aspects of a mission, program, or organization; or positioning itself to carry out these objectives in the future. The advanced persistent threat: (i) pursues its objectives repeatedly over an extended period of time; (ii) adapts to defenders’ efforts to resist it; and (iii) is determined to maintain the level of interaction needed to execute its objectives. NIST SP 800-39.

Source: The Cyber Glossary, National Security Archive, George Washington University, https://nsarchive.gwu.edu/news/cyber-vault/2018-09-19/cyber-glossary; Explore Terms: A Glossary of Common Cybersecurity Terminology, National Initiative for Cybersecurity Careers and Studies (NICCS), https://niccs.us-cert.gov/about-niccs/glossary; The State and Local Election Cybersecurity Playbook, Defending Digital Democracy Project, Harvard Kennedy School Belfer Center for Science and International Affairs, https://www.belfercenter.org/sites/default/files/files/publication/StateLocalPlaybook%201.1.pdf

2. A sophisticated adversary that (i) pursues its objectives repeatedly over an extended period of time, (ii) adapts to defenders’ efforts to resist it, and (iii) is determined to maintain the level of interaction needed to execute its objectives.

Source: U.S. Cyberspace Solarium Commission, March 2020, https://subscriber.politicopro.com/f/?id=00000170-c638-d8f7-a7f1-f63b33510000

3. An extremely proficient, patient, determined, and capable adversary, including two or more of such adversaries working together. (DoDI 5205.13, Defense Industrial Base Cyber Security/Information Assurance Activities, 29 Jan 2010).

Also, [in computer security usage] cyber attacks mounted by organizational teams that have deep resources, advanced penetration skills, specific target profiles and are remarkably persistent in their efforts. They tend to use sophisticated custom malware that can circumvent most defenses, stealthy tactics and demonstrate good situational awareness by evaluating defenders' responses and escalating their attack techniques accordingly.

Source: Terms & Definitions of Interest for DoD Counterintelligence Professionals, Office of the National Counterintelligence, https://www.dni.gov/files/NCSC/documents/ci/CI_Glossary.pdf

4. An industry term used to describe suspected offensive cyber activity in which the cyber actor occupies the network for an extended period while continuously penetrating systems and avoiding detection.

Source: Cyber Threats to Elections – A Lexicon, Cyber Threat Intelligence Integration Center (CTIIC), Office of the Director of National Intelligence, https://www.dni.gov/files/CTIIC/documents/CTIIC_2018_Lexicon_without_banner_small_file_for_Post.pdf