An abstract image of the globe with cyber elements

Advanced Persistent Threats

CISA can help individuals and organizations enhance network, device, and online safety to defend against advanced persistent threats.

Overview  

An advanced persistent threat (APT) works to access computer networks and systems without being detected or noticed. These threats, sometimes enacted by a nation state or state-sponsored group, can steal private information, damage IT systems and disrupt the function of vital systems. Defending against Advanced Persistent Threats is a difficult task as they act stealthily, and their intrusions can be hard to recognize.

CISA’s Role   

CISA provides a holistic approach to defending against advanced persistent threats. CISA offers tools, assessments, and services to enhance network, device, and online safety for both individuals and organizations. CISA coordinates information sharing to spread awareness of vulnerabilities, strategies for defense, and potential threats. CISA also offers tools and expertise needed to response to events once they have been detected. By shoring up cybersecurity practices across our nation, we protect ourselves from dangerous advanced persistent threats.

Featured Content

Shields Up

Stay Shields Up! to prepare for, respond to, and mitigate the impact of cyber-attacks. CISA is here to support you and your cybersecurity needs with expert resources, tools, and services to protect you from cyber threats. 

Joint Cyber Defense Collaborative

JCDC promotes national resilience by coordinating actions across federal agencies; state, local, tribal, and territorial partners; and private sector entities to identify, protect against, detect, and respond to malicious cyber activity.

CISA in Action

Discover the latest security tips and how CISA is keeping protect our nation against advanced persistent threats.

View All Cyber Threats and Advisories News

Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets

OCT 22, 2020 | CYBERSECURITY ADVISORY | AA20-296A
This joint cybersecurity advisory—written by the FBi and CISA—provides information on Russian state-sponsored advanced persistent threat actor activity targeting various U.S. state, local, territorial, and tribal (SLTT) government networks, as well as aviation networks.

Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations

DEC 17, 2020 | CYBERSECURITY ADVISORY | AA20-352A
CISA is aware of compromises of US government agencies, critical infrastructure entities, and private sector organizations by an advanced persistent threat actor beginning in at least March 2020.

Iranian Advanced Persistent Threat Actor Identified Obtaining Voter Registration Data

OCT 30, 2020 | CYBERSECURITY ADVISORY | AA20-304A
CISA and the FBI are aware of an Iranian advanced persistent threat actor targeting US state websites, including election websites. CISA and the FBI assess this actor disseminated voter intimidation emails to US citizens and US election-related disinformation in mid-October 2020.

Advanced Persistent Threat Actors Targeting U.S. Think Tanks

DEC 01, 2020 | CYBERSECURITY ADVISORY | AA20-336A
CISA and the FBI have observed persistent continued cyber intrusions by advanced persistent threat actors targeting U.S. think tanks, often (but not exclusively) directed at individuals and organizations that focus on international affairs or national security policy.
View All Cyber Threats and Advisories News

Resources, Tools, and Publications

CISA offers guides, tools, and other resources to protect against advanced persistent threats.

View All Cyber Threats and Advisories Resources

Advanced Persistent Threat Actors Targeting U.S. Think Tanks

DEC 01, 2020 | CYBERSECURITY ADVISORY | AA20-336A
CISA and the FBI have observed persistent continued cyber intrusions by advanced persistent threat actors targeting U.S. think tanks, often (but not exclusively) directed at individuals and organizations that focus on international affairs or national security policy.

APT Groups Target Healthcare and Essential Services

MAY 05, 2020 | CYBERSECURITY ADVISORY | AA20-126A
CISA and NCSC continue to see indications that advanced persistent threat groups are exploiting the COVID-2019 pandemic as part of their cyber operations. This alert highlights ongoing activity against organizations involved in both national and international COVID-19 response.

APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations

OCT 09, 2020 | CYBERSECURITY ADVISORY | AA20-283A
CISA has observed advanced persistent threat actors exploiting multiple legacy vulnerabilities in combination with a newer privilege escalation vulnerability in Windows Netlogon. "Vulnerability chaining" exploits multiple vulnerabilities in the course of a single intrusion.

Preparing for and Mitigating Foreign Influence Operations Targeting Critical Infrastructure

PUBLICATION
This CISA Insights provides critical infrastructure owners and operators with guidance on how identity and mitigate the risks of influence operations.
Download File (PDF, 411.55 KB)
View All Cyber Threats and Advisories Resources

Contact Us

Need CISA's help but don't know where to start?

Organizations can also report anomalous cyber activity and/or cyber incidents 24/7 to report@cisa.gov or (888) 282-0870.