Cyber Security and APT Groups
Ladislav Buřita, Thao Le Dinh
Abstract
This research aims to describe and analyse APT (Advanced Persistent Thread) groups and their activities. Information was taken from articles, reports, and studies; published by organizations dealing with cybersecurity. APT groups often operate in state sponsorship, but could also be sponsored by a company to obtain sensitive information about their competitors. The term APT is explained and then described in detail. The well-known APT groups from China, Russia, North Korea and Iran are included. The main goal of APT activities is espionage, financial gain, intelligent property theft, and sabotage. The life cycle of the APT attack is analysed and discussed. In the paper are compared four life cycle examples; they are divided into phases, from five to ten. The initial phase of all life cycles is „reconnaissance”. It determines the success of the attack and, of course, the reliability of the defence. The future research of APT groups is mentioned.