What do APT Groups Do

21 minutes
Video Transcription
Hello, everyone. I'm instructor Gerry Roberts, and this is introduction to APT groups.
In this video, we're gonna learn about the types of attacks that APT groups perpetrate. We're gonna learn about APT group characteristics, and we're gonna look at the life cycle of an APT group attack.
So, types of attacks.
APT attacks usually combine several techniques,
so they might combine things like social engineering, phone interception, malware, phishing, all that in order to orchestrate their attack. And some of these attacks happen at different parts of the life cycle.
These attacks are usually politically, financially or both motivated.
Characteristics of APT groups. So there are some things that APT groups have in common.
A lot of times their objectives are very similar. Their timelines are usually very similar,
and a lot of the groups use the same resources, or use the same resources and modify them.
They also have a certain level of risk tolerance, meaning they're willing to take a certain amount of risk to get a certain reward.
The skills and methods of most of these groups are intermediate to advanced, and that's why they've continued to be
advanced threats and persistent threats.
The types of actions they take tend to be similar.
And sometimes their origination of attacks is similar as well.
So a lot of these groups
work in the same areas, and sometimes they might even work together
Numbers involved in the attack. Now, one of the things that you need to know about APTs and APT groups: usually it's not just one person doing this. It's usually multiple people working together doing this. So there are usually
numbers of people in a group.
Sometimes they're smaller groups, but typically they're actually larger groups,
and their knowledge usually comes from the same place, and they usually share knowledge with each other. So that way they can gain better skills and get better at doing their attacks.
Life cycle of attack.
So the way that these groups usually work is they'll go out and first they'll choose a target. So they're trying to find a specific target,
so that could be like a specific government. Could be a specific office, a specific company or specific location for a company. But they go out and they do some research, and they choose a target that looks like it's gonna work for what they want to do.
The second step, once they've grabbed a target, is to gain a foothold with that target.
Some of the techniques here are like spear phishing emails, remote administration software,
uh, social engineering, stuff like that, to get a foothold and kind of get their foot in the door so they can start doing things with the organization that they've targeted.
Once they get a foothold, they can compromise several systems, and then the next step is to use those compromised systems to infiltrate other systems. So a lot of times, what they'll do is they'll get a couple of stations, a couple of client computers or a couple of servers,
and then they'll use those particular pieces of equipment to enumerate through all the other things, other domains in the network.
The next step is to deploy additional tools
once they've got themselves in there and they've got a number of systems compromised and they're able to enumerate through things. They may actually deploy other tools to collect data and or maintain persistence,
so that way they can continue to get information
and continue to be hidden.
The last step is to cover their tracks.
Now this makes sense because we say these groups are persistent, so the only way they can be persistent is to actually cover their tracks. Otherwise, we know they were in there, they know what they were doing and how they got in there, and we might be able to kick them out.
All right, that is it. So we're gonna go ahead, take our quiz. We have a post-assessment question for this module.
In which stage of the APT group attack life cycle are tools like spear phishing emails usually utilized? Is that when they choose a target? Is that when they deploy additional tools?
Is that when they're trying to gain a foothold? Or is this the step where they use compromised systems? So I'll go ahead and give you a second to figure that one out.
And then you can also pause if you'd like, and then we'll come back to the answer.
Answer: C, gain a foothold. So in order to try to get that foothold, they'll usually deploy some sort of social engineering techniques, such as a spear, ah, spear phishing email. Or they might do, ah, phishing, or even newer attacks that are super advanced,
and they're able to do deepfake video conferencing.
Um, I saw an article recently that they did this with a company in order to get a CEO to purchase specific items so they could transfer that money to themselves. It was quite complex.
APT Group Fundamentals

In this course, you will learn the fundamentals of Advanced Persistent Groups, and the delineation between them in comparison to popular threat vectors in the security space. This course will cover common characteristics and attack patterns of APT groups, so that you can understand the threats associated.
