An APT group is a highly skilled and organised attacker group, usually associated with a nation state or a sophisticated criminal organisation.
Why do the names of these groups begin with APT?
"APT" stands for Advanced Persistent Threat and has become the standard term for this type of cyber threat. Security researchers use the designation (APT followed by a number) to classify and track the activities of these groups.
1. Advanced
- Use of complex and innovative techniques: exploitation of zero-days (previously unknown vulnerabilities), custom-built malware (e.g. Stuxnet), elaborate social engineering.
- Example: APT29 (aka Cozy Bear), linked to Russia, compromised the SolarWinds Orion software supply chain in 2020 (trojanised updates distributed to customers) to infiltrate US government agencies.
2. Persistent
- The attacks extend over months or years, with a discreet presence in the targeted networks.
- Example: APT34 (Iran) ran a five-year campaign against energy companies in the Middle East.
3. Threat
- Strategic objectives: theft of intellectual property, disruption of critical infrastructure (energy, health), political influence.
- Example: APT28 (Fancy Bear), linked to Russia, hacked into the US Democratic Party during the 2016 presidential election.
📝 List of known APT groups
There are many APT groups, each with its own specialities and targets. Here are a few examples:
- APT28 (Fancy Bear): A Russian group associated with the GRU, involved in espionage and disruption campaigns.
- APT29 (Cozy Bear): Another Russian group, also linked to the intelligence services, known for its attacks on governments and organisations.
- APT41 (Winnti): A Chinese group that combines espionage with financially motivated cyber attacks.
- Lazarus Group: A North Korean group known for its attacks on financial institutions and its campaigns of cyber espionage.
For a more detailed list, see the page on cybercriminal groups.