
Advanced Persistent Threats and Nation-State Actors
Overview
An advanced persistent threat (APT) is a well-resourced adversary engaged in sophisticated malicious cyber activity that is targeted and aimed at prolonged network/system intrusion. APT objectives could include espionage, data theft, and network/system disruption or destruction.
According to NIST, an APT is an adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception). These objectives typically include establishing and extending footholds within the information technology infrastructure of the targeted organizations for purposes of exfiltrating information, undermining or impeding critical aspects of a mission, program, or organization; or positioning itself to carry out these objectives in the future. The advanced persistent threat: (i) pursues its objectives repeatedly over an extended period of time; (ii) adapts to defenders’ efforts to resist it; and (iii) is determined to maintain the level of interaction needed to execute its objectives.
APTs: What’s in a Name/Number?
Organizations within the cybersecurity community conducting APT research assign names/numbers to APTs upon discovery. Because more than one organization engages in APT research and there may be overlaps among APTs and there can be multiple names for a single APT. For examples of APT listings, see MITRE ATT&CK’s® Groups and Mandiant’s APT Groups.
Nation-State Cyber Threats
APT groups are often nation-state actors or state-sponsored groups. CISA regularly publishes alerts and advisories to help defend against state-sponsored malicious cyber activity. See the following webpages for overviews of publicly available, open-source intelligence and information regarding state-sponsored cyber threats from four nations: China, Russia, North Korea, and Iran.
CISA’s Role
CISA actively supports and collaborates with the cybersecurity community in defending against APT activity. CISA provides the following resources that can greatly aid organizations in defending against APT activity:
Cyber Performance Goals (CPGs)
Provide a baseline of fundamental cybersecurity practices organizations can implement to meaningfully reduce the likelihood and impact of APT activity.
Cybersecurity Advisories
CISA regularly publishes Cybersecurity Advisories that cover:
- APT tactics, techniques, and procedures, and
- Specific mitigations to protect against these threats.
Vulnerability Scanning service
This free service sends subscriber organizations alerts when the service identifies vulnerabilities known to be exploited by APTs.
Cybersecurity Advisors
Regional CISA Cybersecurity Advisors advise, assist, and provide a variety of risk management and response services to critical infrastructure and SLTT organizations.
Contact Us
Need CISA's help but don't know where to start?
Organizations can also report anomalous cyber activity and/or cyber incidents 24/7 to report@cisa.gov or (888) 282-0870.