Advanced Persistent Threat

What Does Advanced Persistent Threat Mean?

An advanced persistent threat (APT) is a cyberattack launched by an attacker with substantial means, organization and motivation to carry out a sustained assault against a target.


The attacker's goal is to remain hidden over an extended period of time and incrementally obtain the permissions required to achieve the attack's objectives.

APTs differ from zero day and other types of cyberattacks in a number of ways:

  • This type of cybersecurity attack is expensive to conduct so it is often aimed at highly valuable targets, such as government facilities, defense contractors, media outlets and manufacturers of high-tech products.
  • Threat actors often use legitimate credentials they have acquired by exploiting known vulnerabilities, using social engineering tactics and conducting brute force attacks.
  • The attacker will often develop and deploy customized malware and seek to compromise trusted third-party software.
  • APT threat actors will spend time and money to monitor their target closely and pivot attack vectors when necessary.

Techopedia Explains Advanced Persistent Threat

An APT has three primary goals:

  • Surveillance
  • Sabotage
  • Theft

Perpetrators of APTs often use threat intelligence and trusted connections to gain initial access to target networks and systems. The trusted connection may be third-party software or an insider who falls prey to a spear phishing or whaling attack.

An APT is advanced in the sense that it employs stealth and multiple attack methods to compromise the target. This type of attack is difficult to detect, remove, and attribute. Once the target is breached, back doors are often created to provide the attacker with ongoing access to the compromised system.

An APT is persistent because the attacker can spend months — or even years — gathering intelligence about the target before using that intelligence to launch multiple attacks over an extended period of time. This type of cyberthreat is dangerous because perpetrators are often after highly sensitive government information, such as the layout of nuclear power plants or codes to break into U.S. defense contractors.


Related Terms

Latest Cyber Threats Terms

Related Reading

Margaret Rouse

Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical, business audience. Over the past twenty years her explanations have appeared on TechTarget websites and she's been cited as an authority in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine and Discovery Magazine.Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages. If you have a suggestion for a new definition or how to improve a technical explanation, please email Margaret or contact her…