In order to gain an initial foothold within the target infrastructure, APTs drop a malicious program during the point-of-entry step. While there are multiple ways of deploying malicious payloads, the most common cases are malicious email attachments or exploits against the user's web browser, embedded into websites the victim usually browses or is forced to browse to. The approach an APT chooses depends on the resources it possesses and the time available for carrying out the attack.
If I had six hours to chop down a tree, I’d spend the first four sharpening the axe.
– Abraham Lincoln
One of the differences between a targeted attack and a widespread malware campaign is the effort and time spent on preparation for attacking a specific target. Preparation, especially in the form of reconnaissance, is the first and most important phase in the APT life-cycle.
Cyber espionage "investigations" have become popular within the information security industry and have resulted in easy marketing opportunities for research reports about Advanced Persistent Threats, along with headlines about "nation-state attacks". Apart from the purpose of marketing APT research reports, the term "APT" itself has been generalized for the sake of convenience. However, this was done at the expense of accuracy and greater