
What are Advanced Persistent Threat Groups?

2019-05-20 by Michelle Dvorak

Advanced Persistent Threat List

List of Advanced Persistent Threat Groups – hackers behind some of the most successful and well-known cyber attacks in the world

Advanced Persistent Threat (APT) groups are organized hacking and cyber intelligence actors, which may be individuals or groups. APT groups infiltrate companies and governments to engage in espionage, and sometimes hack financial institutions to fund their own activities and those of their sponsoring organization. APT groups are frequently, but not always, state-sponsored. As the name implies, the attacks unfold slowly over long periods of time.

The name, advanced persistent threat, is believed to have originated in the US Air Force around 2006. APT groups demonstrate long-term patterns of skilled computer network exploitation focused on governments, companies, and geopolitical issues. Not all malware campaigns are APT attacks.

APT groups are named with a number, such as APT28. They are also given other names invented by cyber security researchers, like Cozy Bear or Gothic Panda. Because cyber security companies operate in multiple countries, they use these pseudonyms when discussing hacking groups to avoid offending the government agency behind the APT group.

Major powers are all involved in hacking and cyber espionage. Although it does not have an APT number, the first and most skilled group of hackers operates at the behest of the US federal government and is known as the Equation Group.


What Are the Characteristics of an Advanced Persistent Threat?

Advanced Persistent Threats are always targeted attacks that work slowly to avoid detection. APT attacks go after the data of governments, police organizations, or military organizations. The multi-phase effort can involve any attack vector against an organization’s network or personnel. The goal of an APT attack is typically espionage: collecting information, possibly for future attacks, stealing money to fund activities, or stealing or sabotaging technology.

APT cyber attacks are selective. They hack aerospace contractors, aviation companies, the energy sector, healthcare firms, national defense organizations, defense contractors, government officials, embassies, technology, and large financial firms.

What is the Difference Between APTs and Malware?

APT attacks are costly, highly skilled, and occur over a period of years to avoid detection. Ordinary malware attacks are generally fast and bombard IT systems with obvious, noisy activity. APT attacks involve a significant level of coordinated human effort by hackers who are always highly skilled and well organized, whereas malware attacks are usually automated and run without human direction. Although something like a spear phishing attack is targeted at a small group of people, it is not necessarily an APT attack, although it can be. Social engineering is used in the majority of APT cyber attacks.

Advanced Persistent Threat List

Equation Group – The name for the United States National Security Agency hacking group. Equation Group is responsible for the development of the EternalBlue exploit, which was used in the WannaCry cyber attack on Europe.


APT3

APT3 is one of China’s state-sponsored hacking groups. This group uses generic phishing emails and web browser exploits to obtain user credentials. APT3 is one of the Chinese hacking groups that uses the NSA exploit EternalBlue, and it is associated with the SHOTPUT, COOKIECUTTER, and SOGU malware families.

Buckeye, Gothic Panda, and UPS Team are other names for APT3.

APT16

APT16 is a Chinese hacking group that focuses on political issues involving Japan and Taiwan. The group uses spear phishing emails and is associated with the IRONHALO and ELMER malware families.

APT28

APT28, also known as the Tsar Team or Fancy Bear, collects intelligence on defense and geopolitical issues. They focus on geopolitical issues in Georgia, Eastern Europe, the North Atlantic Treaty Organization (NATO), and other European security organizations. The Tsar Team is believed to be funded by the Russian government. They use the SOURFACE downloader, the EVILTOSS backdoor, and CHOPSTICK.

APT29

APT29 is associated with the Russian government and is considered one of the most sophisticated hacking groups. APT29 uses social media sites such as Twitter or GitHub, as well as cloud storage services, to communicate with its malware. Its traffic closely mimics legitimate web traffic, making network infiltration difficult to discover.

APT32

APT32 is a Vietnamese hacking group. APT32, also known as OceanLotus Group, targets companies trying to invest in Vietnam. The group uses social engineering attacks and spear phishing emails as attack vectors. APT32 is associated with SOUNDBITE, WINDSHIELD, PHOREAL, BEACON, and KOMPROGO.

APT33

APT33 is an Iranian hacking group that targets the aerospace, aviation, and petrochemical industries. The group uses spear phishing emails as its attack vector and is associated with the SHAPESHIFT, DROPSHOT, TURNEDUP, NANOCORE, and NETWIRE malware families and the ALFA Shell web shell.

APT34

APT34 is another Iranian hacking group active since 2014. They are focused on espionage in the financial, government, energy, chemical, and telecommunications industries. APT34 uses POWBAT, POWRUNER, and BONDUPDATER.

APT37

APT37 is a North Korean hacking group that appears to be sponsored by the North Korean government. Pseudonyms include Scarcruft and Group123. The hacking group uses zero-day vulnerabilities and wiper malware. Social engineering attacks and torrent sites are used to distribute its malware. It is most recently associated with the ELECTRICFISH malware.

APT38

APT38 is another North Korean state-sponsored hacking group. Pseudonyms include Hidden Cobra and Lazarus Group. APT38 has attacked sixteen organizations in at least eleven countries, typically stealing money from financial organizations. This group has a history of destroying victims’ networks and data during its cyber attacks.

APT39

APT39 is an Iranian hacking group that focuses on the telecommunications and travel industries in the Middle East. APT39 uses spoofed websites and spear phishing campaigns with malicious email attachments. It is associated with the SEAWEED, CACHEMONEY, and POWBAT backdoors.

Another North Korean Advanced Persistent Threat group is APT37, which targets South Korea, Japan, Vietnam, and the Middle East.

APT40

APT40 is a Chinese cyber espionage APT group that targets countries important to China’s Belt and Road Initiative. This APT group has been operational since 2013. The goal of APT40 is espionage aimed at stealing technology from maritime, defense, aviation, and chemical organizations, universities, governments, and technology companies. APT40 uses spear phishing campaigns. Its tooling includes BADSIGN, FIELDGOAL, FINDLOCK, PHOTO, SCANBOX, SOGU, and WIDETONE.

Other Chinese advanced persistent threat groups include APT3, APT10 (Menupass Team), APT12 (Calc Team), APT19 (Codoso Team), APT18 (Wekby), and APT17 (Tailgator Team, Deputy Dog).

Source: FireEye, Inc.


About Michelle Dvorak

Michelle writes about cyber security and data privacy, focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers.

