CINXE.COM
Advanced persistent threat - Wikipedia
<!DOCTYPE html> <html class="client-nojs vector-feature-language-in-header-enabled vector-feature-language-in-main-page-header-disabled vector-feature-page-tools-pinned-disabled vector-feature-toc-pinned-clientpref-1 vector-feature-main-menu-pinned-disabled vector-feature-limited-width-clientpref-1 vector-feature-limited-width-content-enabled vector-feature-custom-font-size-clientpref-1 vector-feature-appearance-pinned-clientpref-1 vector-feature-night-mode-enabled skin-theme-clientpref-day vector-sticky-header-enabled vector-toc-available" lang="en" dir="ltr"> <head> <meta charset="UTF-8"> <title>Advanced persistent threat - Wikipedia</title> <script>(function(){var className="client-js vector-feature-language-in-header-enabled vector-feature-language-in-main-page-header-disabled vector-feature-page-tools-pinned-disabled vector-feature-toc-pinned-clientpref-1 vector-feature-main-menu-pinned-disabled vector-feature-limited-width-clientpref-1 vector-feature-limited-width-content-enabled vector-feature-custom-font-size-clientpref-1 vector-feature-appearance-pinned-clientpref-1 vector-feature-night-mode-enabled skin-theme-clientpref-day vector-sticky-header-enabled vector-toc-available";var cookie=document.cookie.match(/(?:^|; )enwikimwclientpreferences=([^;]+)/);if(cookie){cookie[1].split('%2C').forEach(function(pref){className=className.replace(new RegExp('(^| )'+pref.replace(/-clientpref-\w+$|[^\w-]+/g,'')+'-clientpref-\\w+( |$)'),'$1'+pref+'$2');});}document.documentElement.className=className;}());RLCONF={"wgBreakFrames":false,"wgSeparatorTransformTable":["",""],"wgDigitTransformTable":["",""],"wgDefaultDateFormat":"dmy", "wgMonthNames":["","January","February","March","April","May","June","July","August","September","October","November","December"],"wgRequestId":"b01a442c-d138-4c3c-a224-8c50309bdb36","wgCanonicalNamespace":"","wgCanonicalSpecialPageName":false,"wgNamespaceNumber":0,"wgPageName":"Advanced_persistent_threat","wgTitle":"Advanced persistent threat","wgCurRevisionId":1268242591,"wgRevisionId":1268242591,"wgArticleId":25874360,"wgIsArticle":true,"wgIsRedirect":false,"wgAction":"view","wgUserName":null,"wgUserGroups":["*"],"wgCategories":["Articles with short description","Short description is different from Wikidata","Use dmy dates from April 2021","All articles with unsourced statements","Articles with unsourced statements from October 2019","Advanced persistent threat","Espionage","Hacking (computer security)","Cyberwarfare"],"wgPageViewLanguage":"en","wgPageContentLanguage":"en","wgPageContentModel":"wikitext","wgRelevantPageName":"Advanced_persistent_threat","wgRelevantArticleId": 25874360,"wgIsProbablyEditable":true,"wgRelevantPageIsProbablyEditable":true,"wgRestrictionEdit":[],"wgRestrictionMove":[],"wgNoticeProject":"wikipedia","wgCiteReferencePreviewsActive":false,"wgFlaggedRevsParams":{"tags":{"status":{"levels":1}}},"wgMediaViewerOnClick":true,"wgMediaViewerEnabledByDefault":true,"wgPopupsFlags":0,"wgVisualEditor":{"pageLanguageCode":"en","pageLanguageDir":"ltr","pageVariantFallbacks":"en"},"wgMFDisplayWikibaseDescriptions":{"search":true,"watchlist":true,"tagline":false,"nearby":true},"wgWMESchemaEditAttemptStepOversample":false,"wgWMEPageLength":50000,"wgEditSubmitButtonLabelPublish":true,"wgULSPosition":"interlanguage","wgULSisCompactLinksEnabled":false,"wgVector2022LanguageInHeader":true,"wgULSisLanguageSelectorEmpty":false,"wgWikibaseItemId":"Q4686357","wgCheckUserClientHintsHeadersJsApi":["brands","architecture","bitness","fullVersionList","mobile","model","platform","platformVersion"],"GEHomepageSuggestedEditsEnableTopics":true, "wgGETopicsMatchModeEnabled":false,"wgGEStructuredTaskRejectionReasonTextInputEnabled":false,"wgGELevelingUpEnabledForUser":false};RLSTATE={"ext.globalCssJs.user.styles":"ready","site.styles":"ready","user.styles":"ready","ext.globalCssJs.user":"ready","user":"ready","user.options":"loading","ext.cite.styles":"ready","skins.vector.search.codex.styles":"ready","skins.vector.styles":"ready","skins.vector.icons":"ready","jquery.makeCollapsible.styles":"ready","ext.wikimediamessages.styles":"ready","ext.visualEditor.desktopArticleTarget.noscript":"ready","ext.uls.interlanguage":"ready","wikibase.client.init":"ready","ext.wikimediaBadges":"ready"};RLPAGEMODULES=["ext.cite.ux-enhancements","mediawiki.page.media","site","mediawiki.page.ready","jquery.makeCollapsible","mediawiki.toc","skins.vector.js","ext.centralNotice.geoIP","ext.centralNotice.startUp","ext.gadget.ReferenceTooltips","ext.gadget.switcher","ext.urlShortener.toolbar","ext.centralauth.centralautologin","mmv.bootstrap", "ext.popups","ext.visualEditor.desktopArticleTarget.init","ext.visualEditor.targetLoader","ext.echo.centralauth","ext.eventLogging","ext.wikimediaEvents","ext.navigationTiming","ext.uls.interface","ext.cx.eventlogging.campaigns","ext.cx.uls.quick.actions","wikibase.client.vector-2022","ext.checkUser.clientHints","ext.growthExperiments.SuggestedEditSession"];</script> <script>(RLQ=window.RLQ||[]).push(function(){mw.loader.impl(function(){return["user.options@12s5i",function($,jQuery,require,module){mw.user.tokens.set({"patrolToken":"+\\","watchToken":"+\\","csrfToken":"+\\"}); }];});});</script> <link rel="stylesheet" href="/w/load.php?lang=en&modules=ext.cite.styles%7Cext.uls.interlanguage%7Cext.visualEditor.desktopArticleTarget.noscript%7Cext.wikimediaBadges%7Cext.wikimediamessages.styles%7Cjquery.makeCollapsible.styles%7Cskins.vector.icons%2Cstyles%7Cskins.vector.search.codex.styles%7Cwikibase.client.init&only=styles&skin=vector-2022"> <script async="" src="/w/load.php?lang=en&modules=startup&only=scripts&raw=1&skin=vector-2022"></script> <meta name="ResourceLoaderDynamicStyles" content=""> <link rel="stylesheet" href="/w/load.php?lang=en&modules=site.styles&only=styles&skin=vector-2022"> <meta name="generator" content="MediaWiki 1.44.0-wmf.14"> <meta name="referrer" content="origin"> <meta name="referrer" content="origin-when-cross-origin"> <meta name="robots" content="max-image-preview:standard"> <meta name="format-detection" content="telephone=no"> <meta name="viewport" content="width=1120"> <meta property="og:title" content="Advanced persistent threat - Wikipedia"> <meta property="og:type" content="website"> <link rel="preconnect" href="//upload.wikimedia.org"> <link rel="alternate" media="only screen and (max-width: 640px)" href="//en.m.wikipedia.org/wiki/Advanced_persistent_threat"> <link rel="alternate" type="application/x-wiki" title="Edit this page" href="/w/index.php?title=Advanced_persistent_threat&action=edit"> <link rel="apple-touch-icon" href="/static/apple-touch/wikipedia.png"> <link rel="icon" href="/static/favicon/wikipedia.ico"> <link rel="search" type="application/opensearchdescription+xml" href="/w/rest.php/v1/search" title="Wikipedia (en)"> <link rel="EditURI" type="application/rsd+xml" href="//en.wikipedia.org/w/api.php?action=rsd"> <link rel="canonical" href="https://en.wikipedia.org/wiki/Advanced_persistent_threat"> <link rel="license" href="https://creativecommons.org/licenses/by-sa/4.0/deed.en"> <link rel="alternate" type="application/atom+xml" title="Wikipedia Atom feed" href="/w/index.php?title=Special:RecentChanges&feed=atom"> <link rel="dns-prefetch" href="//meta.wikimedia.org" /> <link rel="dns-prefetch" href="login.wikimedia.org"> </head> <body class="skin--responsive skin-vector skin-vector-search-vue mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-0 ns-subject mw-editable page-Advanced_persistent_threat rootpage-Advanced_persistent_threat skin-vector-2022 action-view"><a class="mw-jump-link" href="#bodyContent">Jump to content</a> <div class="vector-header-container"> <header class="vector-header mw-header"> <div class="vector-header-start"> <nav class="vector-main-menu-landmark" aria-label="Site"> <div id="vector-main-menu-dropdown" class="vector-dropdown vector-main-menu-dropdown vector-button-flush-left vector-button-flush-right" title="Main menu" > <input type="checkbox" id="vector-main-menu-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-main-menu-dropdown" class="vector-dropdown-checkbox " aria-label="Main menu" > <label id="vector-main-menu-dropdown-label" for="vector-main-menu-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" ><span class="vector-icon mw-ui-icon-menu mw-ui-icon-wikimedia-menu"></span> <span class="vector-dropdown-label-text">Main menu</span> </label> <div class="vector-dropdown-content"> <div id="vector-main-menu-unpinned-container" class="vector-unpinned-container"> <div id="vector-main-menu" class="vector-main-menu vector-pinnable-element"> <div class="vector-pinnable-header vector-main-menu-pinnable-header vector-pinnable-header-unpinned" data-feature-name="main-menu-pinned" data-pinnable-element-id="vector-main-menu" data-pinned-container-id="vector-main-menu-pinned-container" data-unpinned-container-id="vector-main-menu-unpinned-container" > <div class="vector-pinnable-header-label">Main menu</div> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-main-menu.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-main-menu.unpin">hide</button> </div> <div id="p-navigation" class="vector-menu mw-portlet mw-portlet-navigation" > <div class="vector-menu-heading"> Navigation </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="n-mainpage-description" class="mw-list-item"><a href="/wiki/Main_Page" title="Visit the main page [z]" accesskey="z"><span>Main page</span></a></li><li id="n-contents" class="mw-list-item"><a href="/wiki/Wikipedia:Contents" title="Guides to browsing Wikipedia"><span>Contents</span></a></li><li id="n-currentevents" class="mw-list-item"><a href="/wiki/Portal:Current_events" title="Articles related to current events"><span>Current events</span></a></li><li id="n-randompage" class="mw-list-item"><a href="/wiki/Special:Random" title="Visit a randomly selected article [x]" accesskey="x"><span>Random article</span></a></li><li id="n-aboutsite" class="mw-list-item"><a href="/wiki/Wikipedia:About" title="Learn about Wikipedia and how it works"><span>About Wikipedia</span></a></li><li id="n-contactpage" class="mw-list-item"><a href="//en.wikipedia.org/wiki/Wikipedia:Contact_us" title="How to contact Wikipedia"><span>Contact us</span></a></li> </ul> </div> </div> <div id="p-interaction" class="vector-menu mw-portlet mw-portlet-interaction" > <div class="vector-menu-heading"> Contribute </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="n-help" class="mw-list-item"><a href="/wiki/Help:Contents" title="Guidance on how to use and edit Wikipedia"><span>Help</span></a></li><li id="n-introduction" class="mw-list-item"><a href="/wiki/Help:Introduction" title="Learn how to edit Wikipedia"><span>Learn to edit</span></a></li><li id="n-portal" class="mw-list-item"><a href="/wiki/Wikipedia:Community_portal" title="The hub for editors"><span>Community portal</span></a></li><li id="n-recentchanges" class="mw-list-item"><a href="/wiki/Special:RecentChanges" title="A list of recent changes to Wikipedia [r]" accesskey="r"><span>Recent changes</span></a></li><li id="n-upload" class="mw-list-item"><a href="/wiki/Wikipedia:File_upload_wizard" title="Add images or other media for use on Wikipedia"><span>Upload file</span></a></li> </ul> </div> </div> </div> </div> </div> </div> </nav> <a href="/wiki/Main_Page" class="mw-logo"> <img class="mw-logo-icon" src="/static/images/icons/wikipedia.png" alt="" aria-hidden="true" height="50" width="50"> <span class="mw-logo-container skin-invert"> <img class="mw-logo-wordmark" alt="Wikipedia" src="/static/images/mobile/copyright/wikipedia-wordmark-en.svg" style="width: 7.5em; height: 1.125em;"> <img class="mw-logo-tagline" alt="The Free Encyclopedia" src="/static/images/mobile/copyright/wikipedia-tagline-en.svg" width="117" height="13" style="width: 7.3125em; height: 0.8125em;"> </span> </a> </div> <div class="vector-header-end"> <div id="p-search" role="search" class="vector-search-box-vue vector-search-box-collapses vector-search-box-show-thumbnail vector-search-box-auto-expand-width vector-search-box"> <a href="/wiki/Special:Search" class="cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only search-toggle" title="Search Wikipedia [f]" accesskey="f"><span class="vector-icon mw-ui-icon-search mw-ui-icon-wikimedia-search"></span> <span>Search</span> </a> <div class="vector-typeahead-search-container"> <div class="cdx-typeahead-search cdx-typeahead-search--show-thumbnail cdx-typeahead-search--auto-expand-width"> <form action="/w/index.php" id="searchform" class="cdx-search-input cdx-search-input--has-end-button"> <div id="simpleSearch" class="cdx-search-input__input-wrapper" data-search-loc="header-moved"> <div class="cdx-text-input cdx-text-input--has-start-icon"> <input class="cdx-text-input__input" type="search" name="search" placeholder="Search Wikipedia" aria-label="Search Wikipedia" autocapitalize="sentences" title="Search Wikipedia [f]" accesskey="f" id="searchInput" > <span class="cdx-text-input__icon cdx-text-input__start-icon"></span> </div> <input type="hidden" name="title" value="Special:Search"> </div> <button class="cdx-button cdx-search-input__end-button">Search</button> </form> </div> </div> </div> <nav class="vector-user-links vector-user-links-wide" aria-label="Personal tools"> <div class="vector-user-links-main"> <div id="p-vector-user-menu-preferences" class="vector-menu mw-portlet emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> <div id="p-vector-user-menu-userpage" class="vector-menu mw-portlet emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> <nav class="vector-appearance-landmark" aria-label="Appearance"> <div id="vector-appearance-dropdown" class="vector-dropdown " title="Change the appearance of the page's font size, width, and color" > <input type="checkbox" id="vector-appearance-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-appearance-dropdown" class="vector-dropdown-checkbox " aria-label="Appearance" > <label id="vector-appearance-dropdown-label" for="vector-appearance-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" ><span class="vector-icon mw-ui-icon-appearance mw-ui-icon-wikimedia-appearance"></span> <span class="vector-dropdown-label-text">Appearance</span> </label> <div class="vector-dropdown-content"> <div id="vector-appearance-unpinned-container" class="vector-unpinned-container"> </div> </div> </div> </nav> <div id="p-vector-user-menu-notifications" class="vector-menu mw-portlet emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> <div id="p-vector-user-menu-overflow" class="vector-menu mw-portlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="pt-sitesupport-2" class="user-links-collapsible-item mw-list-item user-links-collapsible-item"><a data-mw="interface" href="https://donate.wikimedia.org/?wmf_source=donate&wmf_medium=sidebar&wmf_campaign=en.wikipedia.org&uselang=en" class=""><span>Donate</span></a> </li> <li id="pt-createaccount-2" class="user-links-collapsible-item mw-list-item user-links-collapsible-item"><a data-mw="interface" href="/w/index.php?title=Special:CreateAccount&returnto=Advanced+persistent+threat" title="You are encouraged to create an account and log in; however, it is not mandatory" class=""><span>Create account</span></a> </li> <li id="pt-login-2" class="user-links-collapsible-item mw-list-item user-links-collapsible-item"><a data-mw="interface" href="/w/index.php?title=Special:UserLogin&returnto=Advanced+persistent+threat" title="You're encouraged to log in; however, it's not mandatory. [o]" accesskey="o" class=""><span>Log in</span></a> </li> </ul> </div> </div> </div> <div id="vector-user-links-dropdown" class="vector-dropdown vector-user-menu vector-button-flush-right vector-user-menu-logged-out" title="Log in and more options" > <input type="checkbox" id="vector-user-links-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-user-links-dropdown" class="vector-dropdown-checkbox " aria-label="Personal tools" > <label id="vector-user-links-dropdown-label" for="vector-user-links-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" ><span class="vector-icon mw-ui-icon-ellipsis mw-ui-icon-wikimedia-ellipsis"></span> <span class="vector-dropdown-label-text">Personal tools</span> </label> <div class="vector-dropdown-content"> <div id="p-personal" class="vector-menu mw-portlet mw-portlet-personal user-links-collapsible-item" title="User menu" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="pt-sitesupport" class="user-links-collapsible-item mw-list-item"><a href="https://donate.wikimedia.org/?wmf_source=donate&wmf_medium=sidebar&wmf_campaign=en.wikipedia.org&uselang=en"><span>Donate</span></a></li><li id="pt-createaccount" class="user-links-collapsible-item mw-list-item"><a href="/w/index.php?title=Special:CreateAccount&returnto=Advanced+persistent+threat" title="You are encouraged to create an account and log in; however, it is not mandatory"><span class="vector-icon mw-ui-icon-userAdd mw-ui-icon-wikimedia-userAdd"></span> <span>Create account</span></a></li><li id="pt-login" class="user-links-collapsible-item mw-list-item"><a href="/w/index.php?title=Special:UserLogin&returnto=Advanced+persistent+threat" title="You're encouraged to log in; however, it's not mandatory. [o]" accesskey="o"><span class="vector-icon mw-ui-icon-logIn mw-ui-icon-wikimedia-logIn"></span> <span>Log in</span></a></li> </ul> </div> </div> <div id="p-user-menu-anon-editor" class="vector-menu mw-portlet mw-portlet-user-menu-anon-editor" > <div class="vector-menu-heading"> Pages for logged out editors <a href="/wiki/Help:Introduction" aria-label="Learn more about editing"><span>learn more</span></a> </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="pt-anoncontribs" class="mw-list-item"><a href="/wiki/Special:MyContributions" title="A list of edits made from this IP address [y]" accesskey="y"><span>Contributions</span></a></li><li id="pt-anontalk" class="mw-list-item"><a href="/wiki/Special:MyTalk" title="Discussion about edits from this IP address [n]" accesskey="n"><span>Talk</span></a></li> </ul> </div> </div> </div> </div> </nav> </div> </header> </div> <div class="mw-page-container"> <div class="mw-page-container-inner"> <div class="vector-sitenotice-container"> <div id="siteNotice"><!-- CentralNotice --></div> </div> <div class="vector-column-start"> <div class="vector-main-menu-container"> <div id="mw-navigation"> <nav id="mw-panel" class="vector-main-menu-landmark" aria-label="Site"> <div id="vector-main-menu-pinned-container" class="vector-pinned-container"> </div> </nav> </div> </div> <div class="vector-sticky-pinned-container"> <nav id="mw-panel-toc" aria-label="Contents" data-event-name="ui.sidebar-toc" class="mw-table-of-contents-container vector-toc-landmark"> <div id="vector-toc-pinned-container" class="vector-pinned-container"> <div id="vector-toc" class="vector-toc vector-pinnable-element"> <div class="vector-pinnable-header vector-toc-pinnable-header vector-pinnable-header-pinned" data-feature-name="toc-pinned" data-pinnable-element-id="vector-toc" > <h2 class="vector-pinnable-header-label">Contents</h2> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-toc.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-toc.unpin">hide</button> </div> <ul class="vector-toc-contents" id="mw-panel-toc-list"> <li id="toc-mw-content-text" class="vector-toc-list-item vector-toc-level-1"> <a href="#" class="vector-toc-link"> <div class="vector-toc-text">(Top)</div> </a> </li> <li id="toc-Definition" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Definition"> <div class="vector-toc-text"> <span class="vector-toc-numb">1</span> <span>Definition</span> </div> </a> <ul id="toc-Definition-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-History_and_targets" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#History_and_targets"> <div class="vector-toc-text"> <span class="vector-toc-numb">2</span> <span>History and targets</span> </div> </a> <ul id="toc-History_and_targets-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Life_cycle" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Life_cycle"> <div class="vector-toc-text"> <span class="vector-toc-numb">3</span> <span>Life cycle</span> </div> </a> <ul id="toc-Life_cycle-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Mitigation_strategies" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Mitigation_strategies"> <div class="vector-toc-text"> <span class="vector-toc-numb">4</span> <span>Mitigation strategies</span> </div> </a> <ul id="toc-Mitigation_strategies-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-APT_groups" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#APT_groups"> <div class="vector-toc-text"> <span class="vector-toc-numb">5</span> <span>APT groups</span> </div> </a> <button aria-controls="toc-APT_groups-sublist" class="cdx-button cdx-button--weight-quiet cdx-button--icon-only vector-toc-toggle"> <span class="vector-icon mw-ui-icon-wikimedia-expand"></span> <span>Toggle APT groups subsection</span> </button> <ul id="toc-APT_groups-sublist" class="vector-toc-list"> <li id="toc-China" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#China"> <div class="vector-toc-text"> <span class="vector-toc-numb">5.1</span> <span>China</span> </div> </a> <ul id="toc-China-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Iran" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Iran"> <div class="vector-toc-text"> <span class="vector-toc-numb">5.2</span> <span>Iran</span> </div> </a> <ul id="toc-Iran-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-North_Korea" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#North_Korea"> <div class="vector-toc-text"> <span class="vector-toc-numb">5.3</span> <span>North Korea</span> </div> </a> <ul id="toc-North_Korea-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Russia" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Russia"> <div class="vector-toc-text"> <span class="vector-toc-numb">5.4</span> <span>Russia</span> </div> </a> <ul id="toc-Russia-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Turkey" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Turkey"> <div class="vector-toc-text"> <span class="vector-toc-numb">5.5</span> <span>Turkey</span> </div> </a> <ul id="toc-Turkey-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-United_States" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#United_States"> <div class="vector-toc-text"> <span class="vector-toc-numb">5.6</span> <span>United States</span> </div> </a> <ul id="toc-United_States-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Uzbekistan" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Uzbekistan"> <div class="vector-toc-text"> <span class="vector-toc-numb">5.7</span> <span>Uzbekistan</span> </div> </a> <ul id="toc-Uzbekistan-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Vietnam" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Vietnam"> <div class="vector-toc-text"> <span class="vector-toc-numb">5.8</span> <span>Vietnam</span> </div> </a> <ul id="toc-Vietnam-sublist" class="vector-toc-list"> </ul> </li> </ul> </li> <li id="toc-Naming" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Naming"> <div class="vector-toc-text"> <span class="vector-toc-numb">6</span> <span>Naming</span> </div> </a> <ul id="toc-Naming-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-See_also" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#See_also"> <div class="vector-toc-text"> <span class="vector-toc-numb">7</span> <span>See also</span> </div> </a> <ul id="toc-See_also-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Notes" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Notes"> <div class="vector-toc-text"> <span class="vector-toc-numb">8</span> <span>Notes</span> </div> </a> <ul id="toc-Notes-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-References" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#References"> <div class="vector-toc-text"> <span class="vector-toc-numb">9</span> <span>References</span> </div> </a> <ul id="toc-References-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-External_links" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#External_links"> <div class="vector-toc-text"> <span class="vector-toc-numb">10</span> <span>External links</span> </div> </a> <ul id="toc-External_links-sublist" class="vector-toc-list"> </ul> </li> </ul> </div> </div> </nav> </div> </div> <div class="mw-content-container"> <main id="content" class="mw-body"> <header class="mw-body-header vector-page-titlebar"> <nav aria-label="Contents" class="vector-toc-landmark"> <div id="vector-page-titlebar-toc" class="vector-dropdown vector-page-titlebar-toc vector-button-flush-left" title="Table of Contents" > <input type="checkbox" id="vector-page-titlebar-toc-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-page-titlebar-toc" class="vector-dropdown-checkbox " aria-label="Toggle the table of contents" > <label id="vector-page-titlebar-toc-label" for="vector-page-titlebar-toc-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" ><span class="vector-icon mw-ui-icon-listBullet mw-ui-icon-wikimedia-listBullet"></span> <span class="vector-dropdown-label-text">Toggle the table of contents</span> </label> <div class="vector-dropdown-content"> <div id="vector-page-titlebar-toc-unpinned-container" class="vector-unpinned-container"> </div> </div> </div> </nav> <h1 id="firstHeading" class="firstHeading mw-first-heading"><span class="mw-page-title-main">Advanced persistent threat</span></h1> <div id="p-lang-btn" class="vector-dropdown mw-portlet mw-portlet-lang" > <input type="checkbox" id="p-lang-btn-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-p-lang-btn" class="vector-dropdown-checkbox mw-interlanguage-selector" aria-label="Go to an article in another language. Available in 21 languages" > <label id="p-lang-btn-label" for="p-lang-btn-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--action-progressive mw-portlet-lang-heading-21" aria-hidden="true" ><span class="vector-icon mw-ui-icon-language-progressive mw-ui-icon-wikimedia-language-progressive"></span> <span class="vector-dropdown-label-text">21 languages</span> </label> <div class="vector-dropdown-content"> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li class="interlanguage-link interwiki-cs mw-list-item"><a href="https://cs.wikipedia.org/wiki/Pokro%C4%8Dil%C3%A1_trval%C3%A1_hrozba" title="Pokročilá trvalá hrozba – Czech" lang="cs" hreflang="cs" data-title="Pokročilá trvalá hrozba" data-language-autonym="Čeština" data-language-local-name="Czech" class="interlanguage-link-target"><span>Čeština</span></a></li><li class="interlanguage-link interwiki-de mw-list-item"><a href="https://de.wikipedia.org/wiki/Advanced_Persistent_Threat" title="Advanced Persistent Threat – German" lang="de" hreflang="de" data-title="Advanced Persistent Threat" data-language-autonym="Deutsch" data-language-local-name="German" class="interlanguage-link-target"><span>Deutsch</span></a></li><li class="interlanguage-link interwiki-es mw-list-item"><a href="https://es.wikipedia.org/wiki/Amenaza_persistente_avanzada" title="Amenaza persistente avanzada – Spanish" lang="es" hreflang="es" data-title="Amenaza persistente avanzada" data-language-autonym="Español" data-language-local-name="Spanish" class="interlanguage-link-target"><span>Español</span></a></li><li class="interlanguage-link interwiki-fa mw-list-item"><a href="https://fa.wikipedia.org/wiki/%D8%AA%D9%87%D8%AF%DB%8C%D8%AF%D9%87%D8%A7%DB%8C_%D9%BE%DB%8C%D8%B4%D8%B1%D9%81%D8%AA%D9%87_%D9%88_%D9%85%D8%B3%D8%AA%D9%85%D8%B1" title="تهدیدهای پیشرفته و مستمر – Persian" lang="fa" hreflang="fa" data-title="تهدیدهای پیشرفته و مستمر" data-language-autonym="فارسی" data-language-local-name="Persian" class="interlanguage-link-target"><span>فارسی</span></a></li><li class="interlanguage-link interwiki-fr mw-list-item"><a href="https://fr.wikipedia.org/wiki/Advanced_Persistent_Threat" title="Advanced Persistent Threat – French" lang="fr" hreflang="fr" data-title="Advanced Persistent Threat" data-language-autonym="Français" data-language-local-name="French" class="interlanguage-link-target"><span>Français</span></a></li><li class="interlanguage-link interwiki-ko mw-list-item"><a href="https://ko.wikipedia.org/wiki/%EC%A7%80%EB%8A%A5%ED%98%95_%EC%A7%80%EC%86%8D_%EA%B3%B5%EA%B2%A9" title="지능형 지속 공격 – Korean" lang="ko" hreflang="ko" data-title="지능형 지속 공격" data-language-autonym="한국어" data-language-local-name="Korean" class="interlanguage-link-target"><span>한국어</span></a></li><li class="interlanguage-link interwiki-id mw-list-item"><a href="https://id.wikipedia.org/wiki/Ancaman_persisten_tingkat_lanjut" title="Ancaman persisten tingkat lanjut – Indonesian" lang="id" hreflang="id" data-title="Ancaman persisten tingkat lanjut" data-language-autonym="Bahasa Indonesia" data-language-local-name="Indonesian" class="interlanguage-link-target"><span>Bahasa Indonesia</span></a></li><li class="interlanguage-link interwiki-it mw-list-item"><a href="https://it.wikipedia.org/wiki/Advanced_Persistent_Threat" title="Advanced Persistent Threat – Italian" lang="it" hreflang="it" data-title="Advanced Persistent Threat" data-language-autonym="Italiano" data-language-local-name="Italian" class="interlanguage-link-target"><span>Italiano</span></a></li><li class="interlanguage-link interwiki-ml mw-list-item"><a href="https://ml.wikipedia.org/wiki/%E0%B4%85%E0%B4%A1%E0%B5%8D%E0%B4%B5%E0%B4%BE%E0%B5%BB%E0%B4%B8%E0%B5%8D%E0%B4%A1%E0%B5%8D_%E0%B4%AA%E0%B5%86%E0%B5%BC%E0%B4%B8%E0%B4%BF%E0%B4%B8%E0%B5%8D%E0%B4%B1%E0%B5%8D%E0%B4%B1%E0%B4%A8%E0%B5%8D%E0%B4%B1%E0%B5%8D_%E0%B4%A4%E0%B5%8D%E0%B4%B0%E0%B5%86%E0%B4%9F%E0%B5%8D%E0%B4%9F%E0%B5%8D" title="അഡ്വാൻസ്ഡ് പെർസിസ്റ്റന്റ് ത്രെട്ട് – Malayalam" lang="ml" hreflang="ml" data-title="അഡ്വാൻസ്ഡ് പെർസിസ്റ്റന്റ് ത്രെട്ട്" data-language-autonym="മലയാളം" data-language-local-name="Malayalam" class="interlanguage-link-target"><span>മലയാളം</span></a></li><li class="interlanguage-link interwiki-nl mw-list-item"><a href="https://nl.wikipedia.org/wiki/Advanced_Persistent_Threat" title="Advanced Persistent Threat – Dutch" lang="nl" hreflang="nl" data-title="Advanced Persistent Threat" data-language-autonym="Nederlands" data-language-local-name="Dutch" class="interlanguage-link-target"><span>Nederlands</span></a></li><li class="interlanguage-link interwiki-ja mw-list-item"><a href="https://ja.wikipedia.org/wiki/APT%E6%94%BB%E6%92%83" title="APT攻撃 – Japanese" lang="ja" hreflang="ja" data-title="APT攻撃" data-language-autonym="日本語" data-language-local-name="Japanese" class="interlanguage-link-target"><span>日本語</span></a></li><li class="interlanguage-link interwiki-no mw-list-item"><a href="https://no.wikipedia.org/wiki/Avansert_og_vedvarende_trusselakt%C3%B8r" title="Avansert og vedvarende trusselaktør – Norwegian Bokmål" lang="nb" hreflang="nb" data-title="Avansert og vedvarende trusselaktør" data-language-autonym="Norsk bokmål" data-language-local-name="Norwegian Bokmål" class="interlanguage-link-target"><span>Norsk bokmål</span></a></li><li class="interlanguage-link interwiki-pt mw-list-item"><a href="https://pt.wikipedia.org/wiki/Amea%C3%A7a_persistente_avan%C3%A7ada" title="Ameaça persistente avançada – Portuguese" lang="pt" hreflang="pt" data-title="Ameaça persistente avançada" data-language-autonym="Português" data-language-local-name="Portuguese" class="interlanguage-link-target"><span>Português</span></a></li><li class="interlanguage-link interwiki-ru mw-list-item"><a href="https://ru.wikipedia.org/wiki/%D0%9F%D0%BE%D1%81%D1%82%D0%BE%D1%8F%D0%BD%D0%BD%D0%B0%D1%8F_%D1%81%D0%B5%D1%80%D1%8C%D1%91%D0%B7%D0%BD%D0%B0%D1%8F_%D1%83%D0%B3%D1%80%D0%BE%D0%B7%D0%B0" title="Постоянная серьёзная угроза – Russian" lang="ru" hreflang="ru" data-title="Постоянная серьёзная угроза" data-language-autonym="Русский" data-language-local-name="Russian" class="interlanguage-link-target"><span>Русский</span></a></li><li class="interlanguage-link interwiki-sl mw-list-item"><a href="https://sl.wikipedia.org/wiki/Napredna_trajna_gro%C5%BEnja" title="Napredna trajna grožnja – Slovenian" lang="sl" hreflang="sl" data-title="Napredna trajna grožnja" data-language-autonym="Slovenščina" data-language-local-name="Slovenian" class="interlanguage-link-target"><span>Slovenščina</span></a></li><li class="interlanguage-link interwiki-sr mw-list-item"><a href="https://sr.wikipedia.org/wiki/Napredna_trajna_pretnja" title="Napredna trajna pretnja – Serbian" lang="sr" hreflang="sr" data-title="Napredna trajna pretnja" data-language-autonym="Српски / srpski" data-language-local-name="Serbian" class="interlanguage-link-target"><span>Српски / srpski</span></a></li><li class="interlanguage-link interwiki-fi mw-list-item"><a href="https://fi.wikipedia.org/wiki/Advanced_Persistent_Threat" title="Advanced Persistent Threat – Finnish" lang="fi" hreflang="fi" data-title="Advanced Persistent Threat" data-language-autonym="Suomi" data-language-local-name="Finnish" class="interlanguage-link-target"><span>Suomi</span></a></li><li class="interlanguage-link interwiki-tr mw-list-item"><a href="https://tr.wikipedia.org/wiki/Geli%C5%9Fmi%C5%9F_s%C3%BCrekli_tehdit" title="Gelişmiş sürekli tehdit – Turkish" lang="tr" hreflang="tr" data-title="Gelişmiş sürekli tehdit" data-language-autonym="Türkçe" data-language-local-name="Turkish" class="interlanguage-link-target"><span>Türkçe</span></a></li><li class="interlanguage-link interwiki-uk mw-list-item"><a href="https://uk.wikipedia.org/wiki/%D0%A0%D0%BE%D0%B7%D0%B2%D0%B8%D0%BD%D0%B5%D0%BD%D0%B0_%D1%81%D1%82%D0%B0%D0%BB%D0%B0_%D0%B7%D0%B0%D0%B3%D1%80%D0%BE%D0%B7%D0%B0" title="Розвинена стала загроза – Ukrainian" lang="uk" hreflang="uk" data-title="Розвинена стала загроза" data-language-autonym="Українська" data-language-local-name="Ukrainian" class="interlanguage-link-target"><span>Українська</span></a></li><li class="interlanguage-link interwiki-vi mw-list-item"><a href="https://vi.wikipedia.org/wiki/Advanced_persistent_threat" title="Advanced persistent threat – Vietnamese" lang="vi" hreflang="vi" data-title="Advanced persistent threat" data-language-autonym="Tiếng Việt" data-language-local-name="Vietnamese" class="interlanguage-link-target"><span>Tiếng Việt</span></a></li><li class="interlanguage-link interwiki-zh mw-list-item"><a href="https://zh.wikipedia.org/wiki/%E9%AB%98%E7%BA%A7%E9%95%BF%E6%9C%9F%E5%A8%81%E8%83%81" title="高级长期威胁 – Chinese" lang="zh" hreflang="zh" data-title="高级长期威胁" data-language-autonym="中文" data-language-local-name="Chinese" class="interlanguage-link-target"><span>中文</span></a></li> </ul> <div class="after-portlet after-portlet-lang"><span class="wb-langlinks-edit wb-langlinks-link"><a href="https://www.wikidata.org/wiki/Special:EntityPage/Q4686357#sitelinks-wikipedia" title="Edit interlanguage links" class="wbc-editpage">Edit links</a></span></div> </div> </div> </div> </header> <div class="vector-page-toolbar"> <div class="vector-page-toolbar-container"> <div id="left-navigation"> <nav aria-label="Namespaces"> <div id="p-associated-pages" class="vector-menu vector-menu-tabs mw-portlet mw-portlet-associated-pages" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="ca-nstab-main" class="selected vector-tab-noicon mw-list-item"><a href="/wiki/Advanced_persistent_threat" title="View the content page [c]" accesskey="c"><span>Article</span></a></li><li id="ca-talk" class="vector-tab-noicon mw-list-item"><a href="/wiki/Talk:Advanced_persistent_threat" rel="discussion" title="Discuss improvements to the content page [t]" accesskey="t"><span>Talk</span></a></li> </ul> </div> </div> <div id="vector-variants-dropdown" class="vector-dropdown emptyPortlet" > <input type="checkbox" id="vector-variants-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-variants-dropdown" class="vector-dropdown-checkbox " aria-label="Change language variant" > <label id="vector-variants-dropdown-label" for="vector-variants-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet" aria-hidden="true" ><span class="vector-dropdown-label-text">English</span> </label> <div class="vector-dropdown-content"> <div id="p-variants" class="vector-menu mw-portlet mw-portlet-variants emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> </div> </div> </nav> </div> <div id="right-navigation" class="vector-collapsible"> <nav aria-label="Views"> <div id="p-views" class="vector-menu vector-menu-tabs mw-portlet mw-portlet-views" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="ca-view" class="selected vector-tab-noicon mw-list-item"><a href="/wiki/Advanced_persistent_threat"><span>Read</span></a></li><li id="ca-edit" class="vector-tab-noicon mw-list-item"><a href="/w/index.php?title=Advanced_persistent_threat&action=edit" title="Edit this page [e]" accesskey="e"><span>Edit</span></a></li><li id="ca-history" class="vector-tab-noicon mw-list-item"><a href="/w/index.php?title=Advanced_persistent_threat&action=history" title="Past revisions of this page [h]" accesskey="h"><span>View history</span></a></li> </ul> </div> </div> </nav> <nav class="vector-page-tools-landmark" aria-label="Page tools"> <div id="vector-page-tools-dropdown" class="vector-dropdown vector-page-tools-dropdown" > <input type="checkbox" id="vector-page-tools-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-page-tools-dropdown" class="vector-dropdown-checkbox " aria-label="Tools" > <label id="vector-page-tools-dropdown-label" for="vector-page-tools-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet" aria-hidden="true" ><span class="vector-dropdown-label-text">Tools</span> </label> <div class="vector-dropdown-content"> <div id="vector-page-tools-unpinned-container" class="vector-unpinned-container"> <div id="vector-page-tools" class="vector-page-tools vector-pinnable-element"> <div class="vector-pinnable-header vector-page-tools-pinnable-header vector-pinnable-header-unpinned" data-feature-name="page-tools-pinned" data-pinnable-element-id="vector-page-tools" data-pinned-container-id="vector-page-tools-pinned-container" data-unpinned-container-id="vector-page-tools-unpinned-container" > <div class="vector-pinnable-header-label">Tools</div> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-page-tools.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-page-tools.unpin">hide</button> </div> <div id="p-cactions" class="vector-menu mw-portlet mw-portlet-cactions emptyPortlet vector-has-collapsible-items" title="More options" > <div class="vector-menu-heading"> Actions </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="ca-more-view" class="selected vector-more-collapsible-item mw-list-item"><a href="/wiki/Advanced_persistent_threat"><span>Read</span></a></li><li id="ca-more-edit" class="vector-more-collapsible-item mw-list-item"><a href="/w/index.php?title=Advanced_persistent_threat&action=edit" title="Edit this page [e]" accesskey="e"><span>Edit</span></a></li><li id="ca-more-history" class="vector-more-collapsible-item mw-list-item"><a href="/w/index.php?title=Advanced_persistent_threat&action=history"><span>View history</span></a></li> </ul> </div> </div> <div id="p-tb" class="vector-menu mw-portlet mw-portlet-tb" > <div class="vector-menu-heading"> General </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="t-whatlinkshere" class="mw-list-item"><a href="/wiki/Special:WhatLinksHere/Advanced_persistent_threat" title="List of all English Wikipedia pages containing links to this page [j]" accesskey="j"><span>What links here</span></a></li><li id="t-recentchangeslinked" class="mw-list-item"><a href="/wiki/Special:RecentChangesLinked/Advanced_persistent_threat" rel="nofollow" title="Recent changes in pages linked from this page [k]" accesskey="k"><span>Related changes</span></a></li><li id="t-upload" class="mw-list-item"><a href="//en.wikipedia.org/wiki/Wikipedia:File_Upload_Wizard" title="Upload files [u]" accesskey="u"><span>Upload file</span></a></li><li id="t-specialpages" class="mw-list-item"><a href="/wiki/Special:SpecialPages" title="A list of all special pages [q]" accesskey="q"><span>Special pages</span></a></li><li id="t-permalink" class="mw-list-item"><a href="/w/index.php?title=Advanced_persistent_threat&oldid=1268242591" title="Permanent link to this revision of this page"><span>Permanent link</span></a></li><li id="t-info" class="mw-list-item"><a href="/w/index.php?title=Advanced_persistent_threat&action=info" title="More information about this page"><span>Page information</span></a></li><li id="t-cite" class="mw-list-item"><a href="/w/index.php?title=Special:CiteThisPage&page=Advanced_persistent_threat&id=1268242591&wpFormIdentifier=titleform" title="Information on how to cite this page"><span>Cite this page</span></a></li><li id="t-urlshortener" class="mw-list-item"><a href="/w/index.php?title=Special:UrlShortener&url=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FAdvanced_persistent_threat"><span>Get shortened URL</span></a></li><li id="t-urlshortener-qrcode" class="mw-list-item"><a href="/w/index.php?title=Special:QrCode&url=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FAdvanced_persistent_threat"><span>Download QR code</span></a></li> </ul> </div> </div> <div id="p-coll-print_export" class="vector-menu mw-portlet mw-portlet-coll-print_export" > <div class="vector-menu-heading"> Print/export </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="coll-download-as-rl" class="mw-list-item"><a href="/w/index.php?title=Special:DownloadAsPdf&page=Advanced_persistent_threat&action=show-download-screen" title="Download this page as a PDF file"><span>Download as PDF</span></a></li><li id="t-print" class="mw-list-item"><a href="/w/index.php?title=Advanced_persistent_threat&printable=yes" title="Printable version of this page [p]" accesskey="p"><span>Printable version</span></a></li> </ul> </div> </div> <div id="p-wikibase-otherprojects" class="vector-menu mw-portlet mw-portlet-wikibase-otherprojects" > <div class="vector-menu-heading"> In other projects </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="t-wikibase" class="wb-otherproject-link wb-otherproject-wikibase-dataitem mw-list-item"><a href="https://www.wikidata.org/wiki/Special:EntityPage/Q4686357" title="Structured data on this page hosted by Wikidata [g]" accesskey="g"><span>Wikidata item</span></a></li> </ul> </div> </div> </div> </div> </div> </div> </nav> </div> </div> </div> <div class="vector-column-end"> <div class="vector-sticky-pinned-container"> <nav class="vector-page-tools-landmark" aria-label="Page tools"> <div id="vector-page-tools-pinned-container" class="vector-pinned-container"> </div> </nav> <nav class="vector-appearance-landmark" aria-label="Appearance"> <div id="vector-appearance-pinned-container" class="vector-pinned-container"> <div id="vector-appearance" class="vector-appearance vector-pinnable-element"> <div class="vector-pinnable-header vector-appearance-pinnable-header vector-pinnable-header-pinned" data-feature-name="appearance-pinned" data-pinnable-element-id="vector-appearance" data-pinned-container-id="vector-appearance-pinned-container" data-unpinned-container-id="vector-appearance-unpinned-container" > <div class="vector-pinnable-header-label">Appearance</div> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-appearance.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-appearance.unpin">hide</button> </div> </div> </div> </nav> </div> </div> <div id="bodyContent" class="vector-body" aria-labelledby="firstHeading" data-mw-ve-target-container> <div class="vector-body-before-content"> <div class="mw-indicators"> </div> <div id="siteSub" class="noprint">From Wikipedia, the free encyclopedia</div> </div> <div id="contentSub"><div id="mw-content-subtitle"></div></div> <div id="mw-content-text" class="mw-body-content"><div class="mw-content-ltr mw-parser-output" lang="en" dir="ltr"><div class="shortdescription nomobile noexcerpt noprint searchaux" style="display:none">Set of stealthy and continuous computer hacking processes</div> <p> An <b>advanced persistent threat</b> (<b>APT</b>) is a stealthy <a href="/wiki/Threat_actor" title="Threat actor">threat actor</a>, typically a <a href="/wiki/State_(polity)" title="State (polity)">state</a> or state-sponsored group, which gains unauthorized access to a <a href="/wiki/Computer_network" title="Computer network">computer network</a> and remains undetected for an extended period.<sup id="cite_ref-1" class="reference"><a href="#cite_note-1"><span class="cite-bracket">[</span>1<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-2" class="reference"><a href="#cite_note-2"><span class="cite-bracket">[</span>2<span class="cite-bracket">]</span></a></sup> In recent times, the term may also refer to non-state-sponsored groups conducting large-scale targeted intrusions for specific goals.<sup id="cite_ref-:0_3-0" class="reference"><a href="#cite_note-:0-3"><span class="cite-bracket">[</span>3<span class="cite-bracket">]</span></a></sup> </p><p>Such threat actors' motivations are typically political or economic.<sup id="cite_ref-4" class="reference"><a href="#cite_note-4"><span class="cite-bracket">[</span>4<span class="cite-bracket">]</span></a></sup> Every major <a href="/wiki/Business_sector" title="Business sector">business sector</a> has recorded instances of <a href="/wiki/Cyberattack" title="Cyberattack">cyberattacks</a> by advanced actors with specific goals, whether to steal, spy, or disrupt. These targeted sectors include government, <a href="/wiki/Arms_industry" title="Arms industry">defense</a>, <a href="/wiki/Financial_services" title="Financial services">financial services</a>, <a href="/wiki/Practice_of_law" title="Practice of law">legal services</a>, <a href="/wiki/Manufacturing" title="Manufacturing">industrial</a>, <a href="/wiki/Telecommunication" class="mw-redirect" title="Telecommunication">telecoms</a>, <a href="/wiki/Final_good" title="Final good">consumer goods</a> and many more.<sup id="cite_ref-:2_5-0" class="reference"><a href="#cite_note-:2-5"><span class="cite-bracket">[</span>5<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-6" class="reference"><a href="#cite_note-6"><span class="cite-bracket">[</span>6<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-7" class="reference"><a href="#cite_note-7"><span class="cite-bracket">[</span>7<span class="cite-bracket">]</span></a></sup> Some groups utilize traditional <a href="/wiki/Espionage" title="Espionage">espionage</a> vectors, including <a href="/wiki/Social_engineering_(security)" title="Social engineering (security)">social engineering</a>, <a href="/wiki/Human_intelligence_(intelligence_gathering)" title="Human intelligence (intelligence gathering)">human intelligence</a> and <a href="/wiki/Infiltration_tactics" title="Infiltration tactics">infiltration</a> to gain access to a physical location to enable network attacks. The purpose of these attacks is to install custom <a href="/wiki/Malware" title="Malware">malware</a>.<sup id="cite_ref-8" class="reference"><a href="#cite_note-8"><span class="cite-bracket">[</span>8<span class="cite-bracket">]</span></a></sup> </p><p>APT attacks on <a href="/wiki/Mobile_device" title="Mobile device">mobile devices</a> have also become a legitimate concern, since attackers are able to penetrate into cloud and mobile infrastructure to eavesdrop, steal, and tamper with data.<sup id="cite_ref-9" class="reference"><a href="#cite_note-9"><span class="cite-bracket">[</span>9<span class="cite-bracket">]</span></a></sup> </p><p>The median "dwell-time", the time an APT attack goes undetected, differs widely between regions. <a href="/wiki/FireEye" class="mw-redirect" title="FireEye">FireEye</a> reported the mean dwell-time for 2018 in the <a href="/wiki/Americas" title="Americas">Americas</a> as 71 days, <a href="/wiki/Europe,_the_Middle_East_and_Africa" title="Europe, the Middle East and Africa">EMEA</a> as 177 days, and <a href="/wiki/Asia-Pacific" class="mw-redirect" title="Asia-Pacific">APAC</a> as 204 days.<sup id="cite_ref-:2_5-1" class="reference"><a href="#cite_note-:2-5"><span class="cite-bracket">[</span>5<span class="cite-bracket">]</span></a></sup> Such a long dwell-time allows attackers a significant amount of time to go through the attack cycle, propagate, and achieve their objectives. </p> <meta property="mw:PageProp/toc" /> <div class="mw-heading mw-heading2"><h2 id="Definition">Definition</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Advanced_persistent_threat&action=edit&section=1" title="Edit section: Definition"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>Definitions of precisely what an APT is can vary, but can be summarized by their named requirements below: </p> <ul><li><i>Advanced</i> – Operators behind the threat have a full spectrum of intelligence-gathering techniques at their disposal. These may include commercial and open source computer intrusion technologies and techniques, but may also extend to include the intelligence apparatus of a state. While individual components of the attack may not be considered particularly "advanced" (e.g. <a href="/wiki/Malware" title="Malware">malware</a> components generated from commonly available do-it-yourself malware construction kits, or the use of easily procured exploit materials), their operators can typically access and develop more advanced tools as required. They often combine multiple targeting methods, tools, and techniques in order to reach and compromise their target and maintain access to it. Operators may also demonstrate a deliberate focus on operational security that differentiates them from "less advanced" threats.<sup id="cite_ref-:0_3-1" class="reference"><a href="#cite_note-:0-3"><span class="cite-bracket">[</span>3<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-:1_10-0" class="reference"><a href="#cite_note-:1-10"><span class="cite-bracket">[</span>10<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-11" class="reference"><a href="#cite_note-11"><span class="cite-bracket">[</span>11<span class="cite-bracket">]</span></a></sup></li> <li><i>Persistent</i> – Operators have specific objectives, rather than opportunistically seeking information for financial or other gain. This distinction implies that the attackers are guided by external entities. The targeting is conducted through continuous monitoring and interaction in order to achieve the defined objectives. It does not mean a barrage of constant attacks and malware updates. In fact, a "low-and-slow" approach is usually more successful. If the operator loses access to their target they usually will reattempt access, and most often, successfully. One of the operator's goals is to maintain long-term access to the target, in contrast to threats who only need access to execute a specific task.<sup id="cite_ref-:1_10-1" class="reference"><a href="#cite_note-:1-10"><span class="cite-bracket">[</span>10<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-12" class="reference"><a href="#cite_note-12"><span class="cite-bracket">[</span>12<span class="cite-bracket">]</span></a></sup></li> <li><i>Threat</i> – APTs are a threat because they have both capability and intent. APT attacks are executed by coordinated human actions, rather than by mindless and automated pieces of code. The operators have a specific objective and are skilled, motivated, organized and well funded. Actors are not limited to state sponsored groups.<sup id="cite_ref-:0_3-2" class="reference"><a href="#cite_note-:0-3"><span class="cite-bracket">[</span>3<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-:1_10-2" class="reference"><a href="#cite_note-:1-10"><span class="cite-bracket">[</span>10<span class="cite-bracket">]</span></a></sup></li></ul> <div class="mw-heading mw-heading2"><h2 id="History_and_targets">History and targets</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Advanced_persistent_threat&action=edit&section=2" title="Edit section: History and targets"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>Warnings against targeted, socially-engineered emails dropping <a href="/wiki/Trojan_horse_(computing)" title="Trojan horse (computing)">trojans</a> to exfiltrate sensitive information were published by UK and US <a href="/wiki/Computer_emergency_response_team" title="Computer emergency response team">CERT</a> organisations in 2005. This method was used throughout the early 1990s and does not in itself constitute an APT. The term "advanced persistent threat" has been cited as originating from the <a href="/wiki/United_States_Air_Force" title="United States Air Force">United States Air Force</a> in 2006<sup id="cite_ref-13" class="reference"><a href="#cite_note-13"><span class="cite-bracket">[</span>13<span class="cite-bracket">]</span></a></sup> with Colonel Greg Rattray cited as the individual who coined the term.<sup id="cite_ref-14" class="reference"><a href="#cite_note-14"><span class="cite-bracket">[</span>14<span class="cite-bracket">]</span></a></sup> </p><p>The <a href="/wiki/Stuxnet" title="Stuxnet">Stuxnet</a> <a href="/wiki/Computer_worm" title="Computer worm">computer worm</a>, which targeted the computer hardware of <a href="/wiki/Iran%27s_nuclear_program" class="mw-redirect" title="Iran's nuclear program">Iran's nuclear program</a>, is one example of an APT attack. In this case, the Iranian government might consider the Stuxnet creators to be an advanced persistent threat.<sup class="noprint Inline-Template Template-Fact" style="white-space:nowrap;">[<i><a href="/wiki/Wikipedia:Citation_needed" title="Wikipedia:Citation needed"><span title="This claim needs references to reliable sources. (October 2019)">citation needed</span></a></i>]</sup><sup id="cite_ref-15" class="reference"><a href="#cite_note-15"><span class="cite-bracket">[</span>15<span class="cite-bracket">]</span></a></sup> </p><p>Within the <a href="/wiki/Computer_security" title="Computer security">computer security</a> community, and increasingly within the media, the term is almost always used in reference to a long-term pattern of sophisticated computer network exploitation aimed at governments, companies, and political activists, and by extension, also to ascribe the A, P and T attributes to the groups behind these attacks.<sup id="cite_ref-16" class="reference"><a href="#cite_note-16"><span class="cite-bracket">[</span>16<span class="cite-bracket">]</span></a></sup> Advanced persistent threat (APT) as a term may be shifting focus to computer-based hacking due to the rising number of occurrences. <a href="/wiki/PC_World" title="PC World">PC World</a> reported an 81 percent increase from 2010 to 2011 of particularly advanced targeted computer attacks.<sup id="cite_ref-17" class="reference"><a href="#cite_note-17"><span class="cite-bracket">[</span>17<span class="cite-bracket">]</span></a></sup> </p><p>Actors in many countries have used <a href="/wiki/Cyberspace" title="Cyberspace">cyberspace</a> as a means to gather intelligence on individuals and groups of individuals of interest.<sup id="cite_ref-18" class="reference"><a href="#cite_note-18"><span class="cite-bracket">[</span>18<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-19" class="reference"><a href="#cite_note-19"><span class="cite-bracket">[</span>19<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-20" class="reference"><a href="#cite_note-20"><span class="cite-bracket">[</span>20<span class="cite-bracket">]</span></a></sup> The <a href="/wiki/United_States_Cyber_Command" title="United States Cyber Command">United States Cyber Command</a> is tasked with coordinating the US military's offensive and defensive <a href="/wiki/Cyber-Attacks" class="mw-redirect" title="Cyber-Attacks">cyber</a> operations.<sup id="cite_ref-21" class="reference"><a href="#cite_note-21"><span class="cite-bracket">[</span>21<span class="cite-bracket">]</span></a></sup> </p><p>Numerous sources have alleged that some APT groups are affiliated with, or are agents of, governments of <a href="/wiki/Sovereign_state" title="Sovereign state">sovereign states</a>.<sup id="cite_ref-22" class="reference"><a href="#cite_note-22"><span class="cite-bracket">[</span>22<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-23" class="reference"><a href="#cite_note-23"><span class="cite-bracket">[</span>23<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-24" class="reference"><a href="#cite_note-24"><span class="cite-bracket">[</span>24<span class="cite-bracket">]</span></a></sup> Businesses holding a large quantity of <a href="/wiki/Personally_identifiable_information" class="mw-redirect" title="Personally identifiable information">personally identifiable information</a> are at high risk of being targeted by advanced persistent threats, including:<sup id="cite_ref-Dell_SecureWorks_25-0" class="reference"><a href="#cite_note-Dell_SecureWorks-25"><span class="cite-bracket">[</span>25<span class="cite-bracket">]</span></a></sup> </p> <ul><li>Agriculture<sup id="cite_ref-Cybersecurity:_Current_Writings_on_Threats_and_Protection_2019_26-0" class="reference"><a href="#cite_note-Cybersecurity:_Current_Writings_on_Threats_and_Protection_2019-26"><span class="cite-bracket">[</span>26<span class="cite-bracket">]</span></a></sup></li> <li>Energy</li> <li><a href="/wiki/Financial_institution" title="Financial institution">Financial institutions</a></li> <li>Health care</li> <li>Higher education<sup id="cite_ref-27" class="reference"><a href="#cite_note-27"><span class="cite-bracket">[</span>27<span class="cite-bracket">]</span></a></sup></li> <li>Manufacturing</li> <li>Technology</li> <li>Telecommunications</li> <li><a href="/wiki/Transport" title="Transport">Transportation</a></li></ul> <p>A Bell Canada study provided deep research into the anatomy of APTs and uncovered widespread presence in Canadian government and critical infrastructure. Attribution was established to Chinese and Russian actors.<sup id="cite_ref-28" class="reference"><a href="#cite_note-28"><span class="cite-bracket">[</span>28<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading2"><h2 id="Life_cycle">Life cycle</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Advanced_persistent_threat&action=edit&section=3" title="Edit section: Life cycle"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <figure class="mw-halign-right" typeof="mw:File/Thumb"><a href="/wiki/File:Advanced_persistent_threat_lifecycle.jpg" class="mw-file-description"><img src="//upload.wikimedia.org/wikipedia/commons/thumb/7/73/Advanced_persistent_threat_lifecycle.jpg/300px-Advanced_persistent_threat_lifecycle.jpg" decoding="async" width="300" height="298" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/commons/thumb/7/73/Advanced_persistent_threat_lifecycle.jpg/450px-Advanced_persistent_threat_lifecycle.jpg 1.5x, //upload.wikimedia.org/wikipedia/commons/7/73/Advanced_persistent_threat_lifecycle.jpg 2x" data-file-width="500" data-file-height="496" /></a><figcaption>A diagram depicting the life cycle staged approach of an advanced persistent threat (APT), which repeats itself once complete.</figcaption></figure> <p>Actors behind advanced persistent threats create a growing and changing risk to organizations' financial assets, intellectual property, and reputation<sup id="cite_ref-29" class="reference"><a href="#cite_note-29"><span class="cite-bracket">[</span>29<span class="cite-bracket">]</span></a></sup> by following a continuous process or <a href="/wiki/Kill_chain_(military)" title="Kill chain (military)">kill chain</a>: </p> <ol><li>Target specific organizations for a singular objective</li> <li>Attempt to gain a foothold in the environment (common tactics include <a href="/wiki/Spear_phishing" class="mw-redirect" title="Spear phishing">spear phishing</a> emails)</li> <li>Use the compromised systems as access into the target network</li> <li>Deploy additional tools that help fulfill the attack objective</li> <li>Cover tracks to maintain access for future initiatives</li></ol> <p>In 2013, Mandiant presented results of their research on alleged Chinese attacks using APT method between 2004 and 2013<sup id="cite_ref-mandiant_30-0" class="reference"><a href="#cite_note-mandiant-30"><span class="cite-bracket">[</span>30<span class="cite-bracket">]</span></a></sup> that followed similar lifecycle: </p> <ul><li><b>Initial compromise</b> – performed by use of <a href="/wiki/Social_engineering_(security)" title="Social engineering (security)">social engineering</a> and <a href="/wiki/Spear_phishing" class="mw-redirect" title="Spear phishing">spear phishing</a>, over email, using <a href="/wiki/Zero-day_virus" class="mw-redirect" title="Zero-day virus">zero-day viruses</a>. Another popular infection method was planting <a href="/wiki/Malware" title="Malware">malware</a> on a website that the victim's employees will be likely to visit.<sup id="cite_ref-31" class="reference"><a href="#cite_note-31"><span class="cite-bracket">[</span>31<span class="cite-bracket">]</span></a></sup></li> <li><b>Establish foothold</b> – plant <a href="/wiki/Remote_administration_software" class="mw-redirect" title="Remote administration software">remote administration software</a> in victim's network, create net backdoors and tunnels allowing stealth access to its infrastructure.</li> <li><b>Escalate privileges</b> – use <a href="/wiki/Exploit_(computer_security)" title="Exploit (computer security)">exploits</a> and <a href="/wiki/Password_cracking" title="Password cracking">password cracking</a> to acquire administrator privileges over victim's computer and possibly expand it to <a href="/wiki/Windows_domain" title="Windows domain">Windows domain</a> administrator accounts.</li> <li><b>Internal reconnaissance</b> – collect information on surrounding infrastructure, trust relationships, <a href="/wiki/Windows_domain" title="Windows domain">Windows domain</a> structure.</li> <li><b>Move laterally</b> – expand control to other workstations, servers and infrastructure elements and perform data harvesting on them.</li> <li><b>Maintain presence</b> – ensure continued control over access channels and credentials acquired in previous steps.</li> <li><b>Complete mission</b> – exfiltrate stolen data from victim's network.</li></ul> <p>In incidents analysed by Mandiant, the average period over which the attackers controlled the victim's network was one year, with longest – almost five years.<sup id="cite_ref-mandiant_30-1" class="reference"><a href="#cite_note-mandiant-30"><span class="cite-bracket">[</span>30<span class="cite-bracket">]</span></a></sup> The infiltrations were allegedly performed by Shanghai-based <a href="/wiki/PLA_Unit_61398" title="PLA Unit 61398">Unit 61398</a> of <a href="/wiki/People%27s_Liberation_Army" title="People's Liberation Army">People's Liberation Army</a>. Chinese officials have denied any involvement in these attacks.<sup id="cite_ref-32" class="reference"><a href="#cite_note-32"><span class="cite-bracket">[</span>32<span class="cite-bracket">]</span></a></sup> </p><p>Previous reports from Secdev had previously discovered and implicated Chinese actors.<sup id="cite_ref-TGN_1_33-0" class="reference"><a href="#cite_note-TGN_1-33"><span class="cite-bracket">[</span>33<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading2"><h2 id="Mitigation_strategies">Mitigation strategies</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Advanced_persistent_threat&action=edit&section=4" title="Edit section: Mitigation strategies"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>There are tens of millions of malware variations,<sup id="cite_ref-GSEC_GIAC_Security_Essentials_Certification_All_2013_34-0" class="reference"><a href="#cite_note-GSEC_GIAC_Security_Essentials_Certification_All_2013-34"><span class="cite-bracket">[</span>34<span class="cite-bracket">]</span></a></sup> which makes it extremely challenging to protect organizations from APT. While APT activities are stealthy and hard to detect, the <a href="/wiki/Command_and_control_(malware)" class="mw-redirect" title="Command and control (malware)">command and control</a> network traffic associated with APT can be detected at the network layer level with sophisticated methods. Deep log analyses and log correlation from various sources is of limited usefulness in detecting APT activities. It is challenging to separate noises from legitimate traffic. Traditional security technology and methods have been ineffective in detecting or mitigating APTs.<sup id="cite_ref-35" class="reference"><a href="#cite_note-35"><span class="cite-bracket">[</span>35<span class="cite-bracket">]</span></a></sup> Active cyber defense has yielded greater efficacy in detecting and prosecuting APTs (find, fix, finish) when applying <a href="/wiki/Cyber_threat_intelligence" title="Cyber threat intelligence">cyber threat intelligence</a> to hunt and adversary pursuit activities.<sup id="cite_ref-36" class="reference"><a href="#cite_note-36"><span class="cite-bracket">[</span>36<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-37" class="reference"><a href="#cite_note-37"><span class="cite-bracket">[</span>37<span class="cite-bracket">]</span></a></sup> Human-Introduced Cyber Vulnerabilities (HICV) are a weak cyber link that are neither well understood nor mitigated, constituting a significant attack vector.<sup id="cite_ref-38" class="reference"><a href="#cite_note-38"><span class="cite-bracket">[</span>38<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading2"><h2 id="APT_groups">APT groups</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Advanced_persistent_threat&action=edit&section=5" title="Edit section: APT groups"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <div class="mw-heading mw-heading3"><h3 id="China">China</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Advanced_persistent_threat&action=edit&section=6" title="Edit section: China"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <style data-mw-deduplicate="TemplateStyles:r1236090951">.mw-parser-output .hatnote{font-style:italic}.mw-parser-output div.hatnote{padding-left:1.6em;margin-bottom:0.5em}.mw-parser-output .hatnote i{font-style:normal}.mw-parser-output .hatnote+link+.hatnote{margin-top:-0.5em}@media print{body.ns-0 .mw-parser-output .hatnote{display:none!important}}</style><div role="note" class="hatnote navigation-not-searchable">See also: <a href="/wiki/Cyberwarfare_by_China" title="Cyberwarfare by China">Cyberwarfare by China</a>, <a href="/wiki/Chinese_information_operations_and_information_warfare" title="Chinese information operations and information warfare">Chinese information operations and information warfare</a>, and <a href="/wiki/Chinese_intelligence_activity_abroad" title="Chinese intelligence activity abroad">Chinese intelligence activity abroad</a></div> <ul><li><a href="/wiki/PLA_Unit_61398" title="PLA Unit 61398">PLA Unit 61398</a> (also known as APT1)</li> <li><a href="/wiki/PLA_Unit_61486" title="PLA Unit 61486">PLA Unit 61486</a> (also known as APT2)</li> <li><a href="/w/index.php?title=Boyusec&action=edit&redlink=1" class="new" title="Boyusec (page does not exist)">Buckeye</a> (also known as APT3)<sup id="cite_ref-Symantec2019_39-0" class="reference"><a href="#cite_note-Symantec2019-39"><span class="cite-bracket">[</span>39<span class="cite-bracket">]</span></a></sup></li> <li><a href="/wiki/Red_Apollo" title="Red Apollo">Red Apollo</a> (also known as APT10)</li> <li><a href="/wiki/Numbered_Panda" title="Numbered Panda">Numbered Panda</a> (also known as APT12)</li> <li>DeputyDog (also known as APT17)<sup id="cite_ref-40" class="reference"><a href="#cite_note-40"><span class="cite-bracket">[</span>40<span class="cite-bracket">]</span></a></sup></li> <li>Dynamite Panda or Scandium (also known as APT18, a unit of the <a href="/wiki/People%27s_Liberation_Army_Navy" title="People's Liberation Army Navy">People's Liberation Army Navy</a>)<sup id="cite_ref-:32_41-0" class="reference"><a href="#cite_note-:32-41"><span class="cite-bracket">[</span>41<span class="cite-bracket">]</span></a></sup></li> <li><a href="/w/index.php?title=Codoso_Team&action=edit&redlink=1" class="new" title="Codoso Team (page does not exist)">Codoso Team</a> (also known as APT19)</li> <li>Wocao (also known as APT20)<sup id="cite_ref-fox-it2019_42-0" class="reference"><a href="#cite_note-fox-it2019-42"><span class="cite-bracket">[</span>42<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-43" class="reference"><a href="#cite_note-43"><span class="cite-bracket">[</span>43<span class="cite-bracket">]</span></a></sup></li> <li>APT22 (aka Suckfly)<sup id="cite_ref-44" class="reference"><a href="#cite_note-44"><span class="cite-bracket">[</span>44<span class="cite-bracket">]</span></a></sup></li> <li>APT26 (aka Turbine Panda)<sup id="cite_ref-45" class="reference"><a href="#cite_note-45"><span class="cite-bracket">[</span>45<span class="cite-bracket">]</span></a></sup></li> <li>APT 27<sup id="cite_ref-46" class="reference"><a href="#cite_note-46"><span class="cite-bracket">[</span>46<span class="cite-bracket">]</span></a></sup></li> <li><a href="/w/index.php?title=PLA_Unit_78020&action=edit&redlink=1" class="new" title="PLA Unit 78020 (page does not exist)">PLA Unit 78020</a> (also known as APT30 and <a href="/w/index.php?title=Naikon&action=edit&redlink=1" class="new" title="Naikon (page does not exist)">Naikon</a>)</li> <li>Zirconium<sup id="cite_ref-47" class="reference"><a href="#cite_note-47"><span class="cite-bracket">[</span>47<span class="cite-bracket">]</span></a></sup> (also known as APT31 and Violet Typhoon)<sup id="cite_ref-48" class="reference"><a href="#cite_note-48"><span class="cite-bracket">[</span>48<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-ms-threat-actors-24_49-0" class="reference"><a href="#cite_note-ms-threat-actors-24-49"><span class="cite-bracket">[</span>49<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-50" class="reference"><a href="#cite_note-50"><span class="cite-bracket">[</span>50<span class="cite-bracket">]</span></a></sup></li> <li><a href="/wiki/APT40" title="APT40">APT40</a></li> <li><a href="/wiki/Double_Dragon_(hacking_organization)" class="mw-redirect" title="Double Dragon (hacking organization)">Double Dragon</a><sup id="cite_ref-fireeye2019_51-0" class="reference"><a href="#cite_note-fireeye2019-51"><span class="cite-bracket">[</span>51<span class="cite-bracket">]</span></a></sup> (also known as APT41, Winnti Group, Barium, or Axiom)<sup id="cite_ref-52" class="reference"><a href="#cite_note-52"><span class="cite-bracket">[</span>52<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-:52_53-0" class="reference"><a href="#cite_note-:52-53"><span class="cite-bracket">[</span>53<span class="cite-bracket">]</span></a></sup></li> <li><a href="/wiki/Spamouflage" title="Spamouflage">Spamouflage</a> (also known as Dragonbridge or Storm 1376)<sup id="cite_ref-54" class="reference"><a href="#cite_note-54"><span class="cite-bracket">[</span>54<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-55" class="reference"><a href="#cite_note-55"><span class="cite-bracket">[</span>55<span class="cite-bracket">]</span></a></sup></li> <li><a href="/wiki/Hafnium_(group)" title="Hafnium (group)">Hafnium</a><sup id="cite_ref-56" class="reference"><a href="#cite_note-56"><span class="cite-bracket">[</span>56<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-57" class="reference"><a href="#cite_note-57"><span class="cite-bracket">[</span>57<span class="cite-bracket">]</span></a></sup></li> <li><a href="/wiki/LightBasin" title="LightBasin">LightBasin</a><sup id="cite_ref-techtarget-lightbasin_58-0" class="reference"><a href="#cite_note-techtarget-lightbasin-58"><span class="cite-bracket">[</span>58<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-bleeping-computer-lightbasin_59-0" class="reference"><a href="#cite_note-bleeping-computer-lightbasin-59"><span class="cite-bracket">[</span>59<span class="cite-bracket">]</span></a></sup> (Also known as UNC1945)</li> <li>Tropic Trooper<sup id="cite_ref-60" class="reference"><a href="#cite_note-60"><span class="cite-bracket">[</span>60<span class="cite-bracket">]</span></a></sup></li> <li><a href="/wiki/Volt_Typhoon" title="Volt Typhoon">Volt Typhoon</a><sup id="cite_ref-61" class="reference"><a href="#cite_note-61"><span class="cite-bracket">[</span>61<span class="cite-bracket">]</span></a></sup></li> <li>Flax Typhoon<sup id="cite_ref-:6_62-0" class="reference"><a href="#cite_note-:6-62"><span class="cite-bracket">[</span>62<span class="cite-bracket">]</span></a></sup></li> <li>Charcoal Typhoon (also known as CHROMIUM)<sup id="cite_ref-OpenAI_63-0" class="reference"><a href="#cite_note-OpenAI-63"><span class="cite-bracket">[</span>63<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-AIThreatActors_64-0" class="reference"><a href="#cite_note-AIThreatActors-64"><span class="cite-bracket">[</span>64<span class="cite-bracket">]</span></a></sup></li> <li>Salmon Typhoon (also known as SODIUM)<sup id="cite_ref-OpenAI_63-1" class="reference"><a href="#cite_note-OpenAI-63"><span class="cite-bracket">[</span>63<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-AIThreatActors_64-1" class="reference"><a href="#cite_note-AIThreatActors-64"><span class="cite-bracket">[</span>64<span class="cite-bracket">]</span></a></sup></li> <li><a href="/wiki/Salt_Typhoon" title="Salt Typhoon">Salt Typhoon</a> (also known as GhostEmperor or FamousSparrow)<sup id="cite_ref-65" class="reference"><a href="#cite_note-65"><span class="cite-bracket">[</span>65<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-66" class="reference"><a href="#cite_note-66"><span class="cite-bracket">[</span>66<span class="cite-bracket">]</span></a></sup></li> <li>Liminal Panda<sup id="cite_ref-67" class="reference"><a href="#cite_note-67"><span class="cite-bracket">[</span>67<span class="cite-bracket">]</span></a></sup></li> <li>MirrorFace<sup id="cite_ref-68" class="reference"><a href="#cite_note-68"><span class="cite-bracket">[</span>68<span class="cite-bracket">]</span></a></sup></li></ul> <div class="mw-heading mw-heading3"><h3 id="Iran">Iran</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Advanced_persistent_threat&action=edit&section=7" title="Edit section: Iran"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <ul><li><a href="/wiki/Charming_Kitten" title="Charming Kitten">Charming Kitten</a> (also known as APT35)</li> <li><a href="/wiki/Elfin_Team" title="Elfin Team">Elfin Team</a> (also known as APT33)</li> <li><a href="/wiki/Helix_Kitten" title="Helix Kitten">Helix Kitten</a> (also known as APT34)</li> <li>Pioneer Kitten<sup id="cite_ref-69" class="reference"><a href="#cite_note-69"><span class="cite-bracket">[</span>69<span class="cite-bracket">]</span></a></sup></li> <li>Remix Kitten (also known as APT39, ITG07, or Chafer)<sup id="cite_ref-70" class="reference"><a href="#cite_note-70"><span class="cite-bracket">[</span>70<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-71" class="reference"><a href="#cite_note-71"><span class="cite-bracket">[</span>71<span class="cite-bracket">]</span></a></sup></li></ul> <div class="mw-heading mw-heading3"><h3 id="North_Korea">North Korea</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Advanced_persistent_threat&action=edit&section=8" title="Edit section: North Korea"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <ul><li><a href="/wiki/Kimsuky" title="Kimsuky">Kimsuky</a></li> <li><a href="/wiki/Lazarus_Group" title="Lazarus Group">Lazarus Group</a> (also known as APT38)</li> <li><a href="/wiki/Ricochet_Chollima" title="Ricochet Chollima">Ricochet Chollima</a> (also known as APT37)</li></ul> <div class="mw-heading mw-heading3"><h3 id="Russia">Russia</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Advanced_persistent_threat&action=edit&section=9" title="Edit section: Russia"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <ul><li><a href="/wiki/Berserk_Bear" title="Berserk Bear">Berserk Bear</a></li> <li><a href="/wiki/Cozy_Bear" title="Cozy Bear">Cozy Bear</a> (also known as APT29)</li> <li><a href="/wiki/Fancy_Bear" title="Fancy Bear">Fancy Bear</a> (also known as APT28)</li> <li><a href="/wiki/FIN7" title="FIN7">FIN7</a></li> <li><a href="/wiki/Gamaredon" title="Gamaredon">Gamaredon</a><sup id="cite_ref-venturebeatFeb2022_72-0" class="reference"><a href="#cite_note-venturebeatFeb2022-72"><span class="cite-bracket">[</span>72<span class="cite-bracket">]</span></a></sup> (also known as <a href="/wiki/Primitive_Bear" class="mw-redirect" title="Primitive Bear">Primitive Bear</a>) <sup id="cite_ref-75" class="reference"><a href="#cite_note-75"><span class="cite-bracket">[</span>a<span class="cite-bracket">]</span></a></sup></li> <li><a href="/wiki/Sandworm_(hacker_group)" title="Sandworm (hacker group)">Sandworm</a> (also known as APT44)</li> <li><a href="/wiki/Turla_(malware)" title="Turla (malware)">Venomous Bear</a><sup id="cite_ref-76" class="reference"><a href="#cite_note-76"><span class="cite-bracket">[</span>75<span class="cite-bracket">]</span></a></sup></li></ul> <div class="mw-heading mw-heading3"><h3 id="Turkey">Turkey</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Advanced_persistent_threat&action=edit&section=10" title="Edit section: Turkey"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <ul><li><a href="/w/index.php?title=StrongPity&action=edit&redlink=1" class="new" title="StrongPity (page does not exist)">StrongPity</a> (also known as <a href="/w/index.php?title=APT-C-41&action=edit&redlink=1" class="new" title="APT-C-41 (page does not exist)">APT-C-41</a> or <a href="/w/index.php?title=PROMETHIUM&action=edit&redlink=1" class="new" title="PROMETHIUM (page does not exist)">PROMETHIUM</a>)<sup id="cite_ref-PROMETHIUM_77-0" class="reference"><a href="#cite_note-PROMETHIUM-77"><span class="cite-bracket">[</span>76<span class="cite-bracket">]</span></a></sup></li></ul> <div class="mw-heading mw-heading3"><h3 id="United_States">United States</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Advanced_persistent_threat&action=edit&section=11" title="Edit section: United States"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <ul><li><a href="/wiki/Equation_Group" title="Equation Group">Equation Group</a><sup id="cite_ref-KasperskyLab2015_78-0" class="reference"><a href="#cite_note-KasperskyLab2015-78"><span class="cite-bracket">[</span>77<span class="cite-bracket">]</span></a></sup></li></ul> <div class="mw-heading mw-heading3"><h3 id="Uzbekistan">Uzbekistan</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Advanced_persistent_threat&action=edit&section=12" title="Edit section: Uzbekistan"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <ul><li>SandCat, associated with the <a href="/wiki/State_Security_Service_(Uzbekistan)" title="State Security Service (Uzbekistan)">State Security Service</a> according to Kaspersky<sup id="cite_ref-79" class="reference"><a href="#cite_note-79"><span class="cite-bracket">[</span>78<span class="cite-bracket">]</span></a></sup></li></ul> <div class="mw-heading mw-heading3"><h3 id="Vietnam">Vietnam</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Advanced_persistent_threat&action=edit&section=13" title="Edit section: Vietnam"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <ul><li><a href="/wiki/OceanLotus" title="OceanLotus">OceanLotus</a> (also known as <a href="/wiki/APT32" class="mw-redirect" title="APT32">APT32</a>)<sup id="cite_ref-80" class="reference"><a href="#cite_note-80"><span class="cite-bracket">[</span>79<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-81" class="reference"><a href="#cite_note-81"><span class="cite-bracket">[</span>80<span class="cite-bracket">]</span></a></sup></li></ul> <div class="mw-heading mw-heading2"><h2 id="Naming">Naming</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Advanced_persistent_threat&action=edit&section=14" title="Edit section: Naming"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>Multiple organizations may assign different names to the same actor. As separate researchers could each have their own varying assessments of an APT group, companies such as <a href="/wiki/CrowdStrike" title="CrowdStrike">CrowdStrike</a>, <a href="/wiki/Kaspersky" class="mw-redirect" title="Kaspersky">Kaspersky</a>, <a href="/wiki/Mandiant" title="Mandiant">Mandiant</a>, and <a href="/wiki/Microsoft" title="Microsoft">Microsoft</a>, among others, have their own internal naming schemes.<sup id="cite_ref-threat-group-naming-schemes_82-0" class="reference"><a href="#cite_note-threat-group-naming-schemes-82"><span class="cite-bracket">[</span>81<span class="cite-bracket">]</span></a></sup> Names between different organizations may refer to overlapping but ultimately different groups, based on various data gathered. </p><p>CrowdStrike assigns animals by nation-state or other category, such as "Kitten" for Iran and "Spider" for groups focused on cybercrime.<sup id="cite_ref-cs-2023-gtr_83-0" class="reference"><a href="#cite_note-cs-2023-gtr-83"><span class="cite-bracket">[</span>82<span class="cite-bracket">]</span></a></sup> Other companies have named groups based on this system — Rampant Kitten, for instance, was named by Check Point rather than CrowdStrike.<sup id="cite_ref-etda-rk_84-0" class="reference"><a href="#cite_note-etda-rk-84"><span class="cite-bracket">[</span>83<span class="cite-bracket">]</span></a></sup> </p><p>Dragos bases its names for APT groups on minerals.<sup id="cite_ref-threat-group-naming-schemes_82-1" class="reference"><a href="#cite_note-threat-group-naming-schemes-82"><span class="cite-bracket">[</span>81<span class="cite-bracket">]</span></a></sup> </p><p>Mandiant assigns numbered acronyms in three categories, APT, FIN, and UNC, resulting in APT names like <a href="/wiki/FIN7" title="FIN7">FIN7</a>. Other companies using a similar system include Proofpoint (TA) and IBM (ITG and Hive).<sup id="cite_ref-threat-group-naming-schemes_82-2" class="reference"><a href="#cite_note-threat-group-naming-schemes-82"><span class="cite-bracket">[</span>81<span class="cite-bracket">]</span></a></sup> </p><p>Microsoft used to assign names from the <a href="/wiki/Periodic_table" title="Periodic table">periodic table</a>, often stylized in all-caps (e.g. <a href="/wiki/Red_Apollo" title="Red Apollo">POTASSIUM</a>); in April 2023, Microsoft changed its naming schema to use weather-based names (e.g. Volt Typhoon).<sup id="cite_ref-ms-lambert-23_85-0" class="reference"><a href="#cite_note-ms-lambert-23-85"><span class="cite-bracket">[</span>84<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading2"><h2 id="See_also">See also</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Advanced_persistent_threat&action=edit&section=15" title="Edit section: See also"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <style data-mw-deduplicate="TemplateStyles:r1184024115">.mw-parser-output .div-col{margin-top:0.3em;column-width:30em}.mw-parser-output .div-col-small{font-size:90%}.mw-parser-output .div-col-rules{column-rule:1px solid #aaa}.mw-parser-output .div-col dl,.mw-parser-output .div-col ol,.mw-parser-output .div-col ul{margin-top:0}.mw-parser-output .div-col li,.mw-parser-output .div-col dd{page-break-inside:avoid;break-inside:avoid-column}</style><div class="div-col" style="column-width: 20em;"> <ul><li><a href="/wiki/Bureau_121" title="Bureau 121">Bureau 121</a></li> <li><a href="/wiki/Chinese_intelligence_activity_abroad" title="Chinese intelligence activity abroad">Chinese intelligence activity abroad</a></li> <li><a href="/wiki/Cyber_spying" class="mw-redirect" title="Cyber spying">Cyber spying</a></li> <li><a href="/wiki/Darkhotel" class="mw-redirect" title="Darkhotel">Darkhotel</a></li> <li><a href="/wiki/Fileless_malware" title="Fileless malware">Fileless malware</a></li> <li><a href="/wiki/Ghostnet" class="mw-redirect" title="Ghostnet">Ghostnet</a></li> <li><a href="/wiki/Kill_chain_(military)" title="Kill chain (military)">Kill chain</a></li> <li><a href="/wiki/NetSpectre" class="mw-redirect" title="NetSpectre">NetSpectre</a></li> <li><a href="/wiki/Operation_Aurora" title="Operation Aurora">Operation Aurora</a></li> <li><a href="/wiki/Operation_Shady_RAT" title="Operation Shady RAT">Operation Shady RAT</a></li> <li><a href="/wiki/Proactive_cyber_defence" title="Proactive cyber defence">Proactive cyber defence</a></li> <li><a href="/wiki/Spear-phishing" class="mw-redirect" title="Spear-phishing">Spear-phishing</a></li> <li><a href="/wiki/Spyware" title="Spyware">Spyware</a></li> <li><a href="/wiki/Stuxnet" title="Stuxnet">Stuxnet</a></li> <li><a href="/wiki/Tailored_Access_Operations" title="Tailored Access Operations">Tailored Access Operations</a></li> <li><a href="/wiki/Unit_180" title="Unit 180">Unit 180</a></li> <li><a href="/wiki/Unit_8200" title="Unit 8200">Unit 8200</a></li></ul> </div> <div class="mw-heading mw-heading2"><h2 id="Notes">Notes</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Advanced_persistent_threat&action=edit&section=16" title="Edit section: Notes"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <style data-mw-deduplicate="TemplateStyles:r1239543626">.mw-parser-output .reflist{margin-bottom:0.5em;list-style-type:decimal}@media screen{.mw-parser-output .reflist{font-size:90%}}.mw-parser-output .reflist .references{font-size:100%;margin-bottom:0;list-style-type:inherit}.mw-parser-output .reflist-columns-2{column-width:30em}.mw-parser-output .reflist-columns-3{column-width:25em}.mw-parser-output .reflist-columns{margin-top:0.3em}.mw-parser-output .reflist-columns ol{margin-top:0}.mw-parser-output .reflist-columns li{page-break-inside:avoid;break-inside:avoid-column}.mw-parser-output .reflist-upper-alpha{list-style-type:upper-alpha}.mw-parser-output .reflist-upper-roman{list-style-type:upper-roman}.mw-parser-output .reflist-lower-alpha{list-style-type:lower-alpha}.mw-parser-output .reflist-lower-greek{list-style-type:lower-greek}.mw-parser-output .reflist-lower-roman{list-style-type:lower-roman}</style><div class="reflist reflist-lower-alpha"> <div class="mw-references-wrap"><ol class="references"> <li id="cite_note-75"><span class="mw-cite-backlink"><b><a href="#cite_ref-75">^</a></b></span> <span class="reference-text">active since 2013, unlike most APTs, Gamaredon broadly targets all users all over the globe (in addition to also focusing on certain victims, especially <a href="/wiki/Ukraine" title="Ukraine">Ukrainian</a> organizations<sup id="cite_ref-zdnet21March2022_73-0" class="reference"><a href="#cite_note-zdnet21March2022-73"><span class="cite-bracket">[</span>73<span class="cite-bracket">]</span></a></sup>) and appears to provide services for other APTs.<sup id="cite_ref-TalosGamaredon_74-0" class="reference"><a href="#cite_note-TalosGamaredon-74"><span class="cite-bracket">[</span>74<span class="cite-bracket">]</span></a></sup> For example, the <a href="/w/index.php?title=InvisiMole&action=edit&redlink=1" class="new" title="InvisiMole (page does not exist)">InvisiMole</a> threat group has attacked select systems that Gamaredon had earlier compromised and fingerprinted.<sup id="cite_ref-zdnet21March2022_73-1" class="reference"><a href="#cite_note-zdnet21March2022-73"><span class="cite-bracket">[</span>73<span class="cite-bracket">]</span></a></sup></span> </li> </ol></div></div> <div class="mw-heading mw-heading2"><h2 id="References">References</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Advanced_persistent_threat&action=edit&section=17" title="Edit section: References"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1239543626"><div class="reflist"> <div class="mw-references-wrap mw-references-columns"><ol class="references"> <li id="cite_note-1"><span class="mw-cite-backlink"><b><a href="#cite_ref-1">^</a></b></span> <span class="reference-text"><style data-mw-deduplicate="TemplateStyles:r1238218222">.mw-parser-output cite.citation{font-style:inherit;word-wrap:break-word}.mw-parser-output .citation q{quotes:"\"""\"""'""'"}.mw-parser-output .citation:target{background-color:rgba(0,127,255,0.133)}.mw-parser-output .id-lock-free.id-lock-free a{background:url("//upload.wikimedia.org/wikipedia/commons/6/65/Lock-green.svg")right 0.1em center/9px no-repeat}.mw-parser-output .id-lock-limited.id-lock-limited a,.mw-parser-output .id-lock-registration.id-lock-registration a{background:url("//upload.wikimedia.org/wikipedia/commons/d/d6/Lock-gray-alt-2.svg")right 0.1em center/9px no-repeat}.mw-parser-output .id-lock-subscription.id-lock-subscription a{background:url("//upload.wikimedia.org/wikipedia/commons/a/aa/Lock-red-alt-2.svg")right 0.1em center/9px no-repeat}.mw-parser-output .cs1-ws-icon a{background:url("//upload.wikimedia.org/wikipedia/commons/4/4c/Wikisource-logo.svg")right 0.1em center/12px no-repeat}body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-free a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-limited a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-registration a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-subscription a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .cs1-ws-icon a{background-size:contain;padding:0 1em 0 0}.mw-parser-output .cs1-code{color:inherit;background:inherit;border:none;padding:inherit}.mw-parser-output .cs1-hidden-error{display:none;color:var(--color-error,#d33)}.mw-parser-output .cs1-visible-error{color:var(--color-error,#d33)}.mw-parser-output .cs1-maint{display:none;color:#085;margin-left:0.3em}.mw-parser-output .cs1-kern-left{padding-left:0.2em}.mw-parser-output .cs1-kern-right{padding-right:0.2em}.mw-parser-output .citation .mw-selflink{font-weight:inherit}@media screen{.mw-parser-output .cs1-format{font-size:95%}html.skin-theme-clientpref-night .mw-parser-output .cs1-maint{color:#18911f}}@media screen and (prefers-color-scheme:dark){html.skin-theme-clientpref-os .mw-parser-output .cs1-maint{color:#18911f}}</style><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.kaspersky.com/resource-center/definitions/advanced-persistent-threats">"What Is an Advanced Persistent Threat (APT)?"</a>. <i>www.kaspersky.com</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20210322014919/https://www.kaspersky.com/resource-center/definitions/advanced-persistent-threats">Archived</a> from the original on 22 March 2021<span class="reference-accessdate">. Retrieved <span class="nowrap">11 August</span> 2019</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=www.kaspersky.com&rft.atitle=What+Is+an+Advanced+Persistent+Threat+%28APT%29%3F&rft_id=https%3A%2F%2Fwww.kaspersky.com%2Fresource-center%2Fdefinitions%2Fadvanced-persistent-threats&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-2"><span class="mw-cite-backlink"><b><a href="#cite_ref-2">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.cisco.com/c/en/us/products/security/advanced-persistent-threat.html">"What Is an Advanced Persistent Threat (APT)?"</a>. <i>Cisco</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20210322014938/https://www.cisco.com/c/en/us/products/security/advanced-persistent-threat.html">Archived</a> from the original on 22 March 2021<span class="reference-accessdate">. Retrieved <span class="nowrap">11 August</span> 2019</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Cisco&rft.atitle=What+Is+an+Advanced+Persistent+Threat+%28APT%29%3F&rft_id=https%3A%2F%2Fwww.cisco.com%2Fc%2Fen%2Fus%2Fproducts%2Fsecurity%2Fadvanced-persistent-threat.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-:0-3"><span class="mw-cite-backlink">^ <a href="#cite_ref-:0_3-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-:0_3-1"><sup><i><b>b</b></i></sup></a> <a href="#cite_ref-:0_3-2"><sup><i><b>c</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFMaloney" class="citation news cs1">Maloney, Sarah. <a rel="nofollow" class="external text" href="https://www.cybereason.com/blog/advanced-persistent-threat-apt">"What is an Advanced Persistent Threat (APT)?"</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20190407232257/https://www.cybereason.com/blog/advanced-persistent-threat-apt">Archived</a> from the original on 7 April 2019<span class="reference-accessdate">. Retrieved <span class="nowrap">9 November</span> 2018</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=What+is+an+Advanced+Persistent+Threat+%28APT%29%3F&rft.aulast=Maloney&rft.aufirst=Sarah&rft_id=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fadvanced-persistent-threat-apt&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-4"><span class="mw-cite-backlink"><b><a href="#cite_ref-4">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFCole.2013" class="citation book cs1">Cole., Eric (2013). <i>Advanced Persistent Threat: Understanding the Danger and How to Protect Your Organization</i>. Syngress. <a href="/wiki/OCLC_(identifier)" class="mw-redirect" title="OCLC (identifier)">OCLC</a> <a rel="nofollow" class="external text" href="https://search.worldcat.org/oclc/939843912">939843912</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Advanced+Persistent+Threat%3A+Understanding+the+Danger+and+How+to+Protect+Your+Organization&rft.pub=Syngress&rft.date=2013&rft_id=info%3Aoclcnum%2F939843912&rft.aulast=Cole.&rft.aufirst=Eric&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-:2-5"><span class="mw-cite-backlink">^ <a href="#cite_ref-:2_5-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-:2_5-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.fireeye.com/current-threats/annual-threat-report/mtrends.html">"M-Trends Cyber Security Trends"</a>. <i>FireEye</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20210921133050/https://www.fireeye.com/current-threats/annual-threat-report/mtrends.html">Archived</a> from the original on 21 September 2021<span class="reference-accessdate">. Retrieved <span class="nowrap">11 August</span> 2019</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=FireEye&rft.atitle=M-Trends+Cyber+Security+Trends&rft_id=https%3A%2F%2Fwww.fireeye.com%2Fcurrent-threats%2Fannual-threat-report%2Fmtrends.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-6"><span class="mw-cite-backlink"><b><a href="#cite_ref-6">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20190811091624/https://www.fireeye.com/content/dam/fireeye-www/solutions/pdfs/ib-finance.pdf">"Cyber Threats to the Financial Services and Insurance Industries"</a> <span class="cs1-format">(PDF)</span>. <i>FireEye</i>. Archived from <a rel="nofollow" class="external text" href="https://www.fireeye.com/content/dam/fireeye-www/solutions/pdfs/ib-finance.pdf">the original</a> <span class="cs1-format">(PDF)</span> on 11 August 2019.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=FireEye&rft.atitle=Cyber+Threats+to+the+Financial+Services+and+Insurance+Industries&rft_id=https%3A%2F%2Fwww.fireeye.com%2Fcontent%2Fdam%2Ffireeye-www%2Fsolutions%2Fpdfs%2Fib-finance.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-7"><span class="mw-cite-backlink"><b><a href="#cite_ref-7">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20190811091947/https://www.fireeye.com/content/dam/fireeye-www/global/en/solutions/pdfs/ib-retail-consumer.pdf">"Cyber Threats to the Retail and Consumer Goods Industry"</a> <span class="cs1-format">(PDF)</span>. <i>FireEye</i>. Archived from <a rel="nofollow" class="external text" href="https://www.fireeye.com/content/dam/fireeye-www/global/en/solutions/pdfs/ib-retail-consumer.pdf">the original</a> <span class="cs1-format">(PDF)</span> on 11 August 2019.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=FireEye&rft.atitle=Cyber+Threats+to+the+Retail+and+Consumer+Goods+Industry&rft_id=https%3A%2F%2Fwww.fireeye.com%2Fcontent%2Fdam%2Ffireeye-www%2Fglobal%2Fen%2Fsolutions%2Fpdfs%2Fib-retail-consumer.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-8"><span class="mw-cite-backlink"><b><a href="#cite_ref-8">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20180508161501/https://www.symantec.com/content/en/us/enterprise/white_papers/b-advanced_persistent_threats_WP_21215957.en-us.pdf">"Advanced Persistent Threats: A Symantec Perspective"</a> <span class="cs1-format">(PDF)</span>. <i>Symantec</i>. Archived from <a rel="nofollow" class="external text" href="https://www.symantec.com/content/en/us/enterprise/white_papers/b-advanced_persistent_threats_WP_21215957.en-us.pdf">the original</a> <span class="cs1-format">(PDF)</span> on 8 May 2018.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Symantec&rft.atitle=Advanced+Persistent+Threats%3A+A+Symantec+Perspective&rft_id=https%3A%2F%2Fwww.symantec.com%2Fcontent%2Fen%2Fus%2Fenterprise%2Fwhite_papers%2Fb-advanced_persistent_threats_WP_21215957.en-us.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-9"><span class="mw-cite-backlink"><b><a href="#cite_ref-9">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFAu2018" class="citation journal cs1">Au, Man Ho (2018). "Privacy-preserving personal data operation on mobile cloud—Chances and challenges over advanced persistent threat". <i>Future Generation Computer Systems</i>. <b>79</b>: <span class="nowrap">337–</span>349. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1016%2Fj.future.2017.06.021">10.1016/j.future.2017.06.021</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Future+Generation+Computer+Systems&rft.atitle=Privacy-preserving+personal+data+operation+on+mobile+cloud%E2%80%94Chances+and+challenges+over+advanced+persistent+threat&rft.volume=79&rft.pages=%3Cspan+class%3D%22nowrap%22%3E337-%3C%2Fspan%3E349&rft.date=2018&rft_id=info%3Adoi%2F10.1016%2Fj.future.2017.06.021&rft.aulast=Au&rft.aufirst=Man+Ho&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-:1-10"><span class="mw-cite-backlink">^ <a href="#cite_ref-:1_10-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-:1_10-1"><sup><i><b>b</b></i></sup></a> <a href="#cite_ref-:1_10-2"><sup><i><b>c</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.itgovernance.co.uk/advanced-persistent-threats-apt">"Advanced Persistent Threats (APTs)"</a>. <i>IT Governance</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20190811090856/https://www.itgovernance.co.uk/advanced-persistent-threats-apt">Archived</a> from the original on 11 August 2019<span class="reference-accessdate">. Retrieved <span class="nowrap">11 August</span> 2019</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=IT+Governance&rft.atitle=Advanced+Persistent+Threats+%28APTs%29&rft_id=https%3A%2F%2Fwww.itgovernance.co.uk%2Fadvanced-persistent-threats-apt&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-11"><span class="mw-cite-backlink"><b><a href="#cite_ref-11">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.trendmicro.co.uk/media/misc/apt-survey-report-en.pdf">"Advanced persistent Threat Awareness"</a> <span class="cs1-format">(PDF)</span>. <i>TrendMicro Inc</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20160610083125/http://www.trendmicro.co.uk/media/misc/apt-survey-report-en.pdf">Archived</a> <span class="cs1-format">(PDF)</span> from the original on 10 June 2016<span class="reference-accessdate">. Retrieved <span class="nowrap">11 August</span> 2019</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=TrendMicro+Inc&rft.atitle=Advanced+persistent+Threat+Awareness&rft_id=https%3A%2F%2Fwww.trendmicro.co.uk%2Fmedia%2Fmisc%2Fapt-survey-report-en.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-12"><span class="mw-cite-backlink"><b><a href="#cite_ref-12">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://blog.malwarebytes.com/101/2016/07/explained-advanced-persistent-threat-apt/">"Explained: Advanced Persistent Threat (APT)"</a>. <i>Malwarebytes Labs</i>. 26 July 2016. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20190509114627/https://blog.malwarebytes.com/101/2016/07/explained-advanced-persistent-threat-apt/">Archived</a> from the original on 9 May 2019<span class="reference-accessdate">. Retrieved <span class="nowrap">11 August</span> 2019</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Malwarebytes+Labs&rft.atitle=Explained%3A+Advanced+Persistent+Threat+%28APT%29&rft.date=2016-07-26&rft_id=https%3A%2F%2Fblog.malwarebytes.com%2F101%2F2016%2F07%2Fexplained-advanced-persistent-threat-apt%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-13"><span class="mw-cite-backlink"><b><a href="#cite_ref-13">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20130626233122/https://www.sans.edu/student-files/projects/JWP-Binde-McRee-OConnor.pdf">"Assessing Outbound Traffic to Uncover Advanced Persistent Threat"</a> <span class="cs1-format">(PDF)</span>. SANS Technology Institute. Archived from <a rel="nofollow" class="external text" href="https://www.sans.edu/student-files/projects/JWP-Binde-McRee-OConnor.pdf">the original</a> <span class="cs1-format">(PDF)</span> on 26 June 2013<span class="reference-accessdate">. Retrieved <span class="nowrap">14 April</span> 2013</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Assessing+Outbound+Traffic+to+Uncover+Advanced+Persistent+Threat&rft.pub=SANS+Technology+Institute&rft_id=https%3A%2F%2Fwww.sans.edu%2Fstudent-files%2Fprojects%2FJWP-Binde-McRee-OConnor.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-14"><span class="mw-cite-backlink"><b><a href="#cite_ref-14">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20140415054512/http://blogs.forrester.com/rick_holland/13-02-14-introducing_forresters_cyber_threat_intelligence_research">"Introducing Forrester's Cyber Threat Intelligence Research"</a>. Forrester Research. Archived from <a rel="nofollow" class="external text" href="http://blogs.forrester.com/rick_holland/13-02-14-introducing_forresters_cyber_threat_intelligence_research">the original</a> on 15 April 2014<span class="reference-accessdate">. Retrieved <span class="nowrap">14 April</span> 2014</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Introducing+Forrester%27s+Cyber+Threat+Intelligence+Research&rft.pub=Forrester+Research&rft_id=http%3A%2F%2Fblogs.forrester.com%2Frick_holland%2F13-02-14-introducing_forresters_cyber_threat_intelligence_research&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-15"><span class="mw-cite-backlink"><b><a href="#cite_ref-15">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFBeim2018" class="citation journal cs1">Beim, Jared (2018). <span class="id-lock-subscription" title="Paid subscription required"><a rel="nofollow" class="external text" href="https://www.proquest.com/docview/2012381493">"Enforcing a Prohibition on International Espionage"</a></span>. <i>Chicago Journal of International Law</i>. <b>18</b>: <span class="nowrap">647–</span>672. <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/ProQuest" title="ProQuest">ProQuest</a> <a rel="nofollow" class="external text" href="https://www.proquest.com/docview/2012381493">2012381493</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20210522173236/https://www.proquest.com/docview/2012381493">Archived</a> from the original on 22 May 2021<span class="reference-accessdate">. Retrieved <span class="nowrap">18 January</span> 2023</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Chicago+Journal+of+International+Law&rft.atitle=Enforcing+a+Prohibition+on+International+Espionage&rft.volume=18&rft.pages=%3Cspan+class%3D%22nowrap%22%3E647-%3C%2Fspan%3E672&rft.date=2018&rft.aulast=Beim&rft.aufirst=Jared&rft_id=https%3A%2F%2Fwww.proquest.com%2Fdocview%2F2012381493&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-16"><span class="mw-cite-backlink"><b><a href="#cite_ref-16">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.secureworks.com/blog/advanced-persistent-threats-apt-a">"Advanced Persistent Threats: Learn the ABCs of APTs - Part A"</a>. <i>SecureWorks</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20190407232258/https://www.secureworks.com/blog/advanced-persistent-threats-apt-a">Archived</a> from the original on 7 April 2019<span class="reference-accessdate">. Retrieved <span class="nowrap">23 January</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=SecureWorks&rft.atitle=Advanced+Persistent+Threats%3A+Learn+the+ABCs+of+APTs+-+Part+A&rft_id=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fadvanced-persistent-threats-apt-a&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-17"><span class="mw-cite-backlink"><b><a href="#cite_ref-17">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFOlavsrud2012" class="citation web cs1">Olavsrud, Thor (30 April 2012). <a rel="nofollow" class="external text" href="https://web.archive.org/web/20210414115711/https://www.cio.com/article/2396583/targeted-attacks-increased--became-more-diverse-in-2011.html">"Targeted Attacks Increased, Became More Diverse in 2011"</a>. <i><a href="/wiki/CIO_Magazine" class="mw-redirect" title="CIO Magazine">CIO Magazine</a></i>. Archived from <a rel="nofollow" class="external text" href="https://www.cio.com/article/2396583/targeted-attacks-increased--became-more-diverse-in-2011.html">the original</a> on 14 April 2021<span class="reference-accessdate">. Retrieved <span class="nowrap">14 April</span> 2021</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=CIO+Magazine&rft.atitle=Targeted+Attacks+Increased%2C+Became+More+Diverse+in+2011&rft.date=2012-04-30&rft.aulast=Olavsrud&rft.aufirst=Thor&rft_id=https%3A%2F%2Fwww.cio.com%2Farticle%2F2396583%2Ftargeted-attacks-increased--became-more-diverse-in-2011.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-18"><span class="mw-cite-backlink"><b><a href="#cite_ref-18">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20100110120647/http://www.businessweek.com/magazine/content/08_16/b4080032220668.htm">"An Evolving Crisis"</a>. BusinessWeek. 10 April 2008. Archived from <a rel="nofollow" class="external text" href="http://www.businessweek.com/magazine/content/08_16/b4080032220668.htm">the original</a> on 10 January 2010<span class="reference-accessdate">. Retrieved <span class="nowrap">20 January</span> 2010</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=An+Evolving+Crisis&rft.pub=BusinessWeek&rft.date=2008-04-10&rft_id=http%3A%2F%2Fwww.businessweek.com%2Fmagazine%2Fcontent%2F08_16%2Fb4080032220668.htm&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-19"><span class="mw-cite-backlink"><b><a href="#cite_ref-19">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20110418080952/http://www.businessweek.com/magazine/content/08_16/b4080032218430.htm">"The New E-spionage Threat"</a>. BusinessWeek. 10 April 2008. Archived from <a rel="nofollow" class="external text" href="http://www.businessweek.com/magazine/content/08_16/b4080032218430.htm">the original</a> on 18 April 2011<span class="reference-accessdate">. Retrieved <span class="nowrap">19 March</span> 2011</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=The+New+E-spionage+Threat&rft.pub=BusinessWeek&rft.date=2008-04-10&rft_id=http%3A%2F%2Fwww.businessweek.com%2Fmagazine%2Fcontent%2F08_16%2Fb4080032218430.htm&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-20"><span class="mw-cite-backlink"><b><a href="#cite_ref-20">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFRosenbachSchulzWagner2010" class="citation web cs1">Rosenbach, Marcel; Schulz, Thomas; Wagner, Wieland (19 January 2010). <a rel="nofollow" class="external text" href="https://www.spiegel.de/international/world/google-under-attack-the-high-cost-of-doing-business-in-china-a-672742.html">"Google Under Attack: The High Cost of Doing Business in China"</a>. <i>Der Spiegel</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20100121005238/http://www.spiegel.de/international/world/0%2C1518%2C672742%2C00.html">Archived</a> from the original on 21 January 2010<span class="reference-accessdate">. Retrieved <span class="nowrap">20 January</span> 2010</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Der+Spiegel&rft.atitle=Google+Under+Attack%3A+The+High+Cost+of+Doing+Business+in+China&rft.date=2010-01-19&rft.aulast=Rosenbach&rft.aufirst=Marcel&rft.au=Schulz%2C+Thomas&rft.au=Wagner%2C+Wieland&rft_id=https%3A%2F%2Fwww.spiegel.de%2Finternational%2Fworld%2Fgoogle-under-attack-the-high-cost-of-doing-business-in-china-a-672742.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-21"><span class="mw-cite-backlink"><b><a href="#cite_ref-21">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.defense.gov/Explore/News/Article/Article/2193130/commander-discusses-a-decade-of-dod-cyber-power/">"Commander Discusses a Decade of DOD Cyber Power"</a>. <i>U.S. DEPARTMENT OF DEFENSE</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20200919001557/https://www.defense.gov/Explore/News/Article/Article/2193130/commander-discusses-a-decade-of-dod-cyber-power/">Archived</a> from the original on 19 September 2020<span class="reference-accessdate">. Retrieved <span class="nowrap">28 August</span> 2020</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=U.S.+DEPARTMENT+OF+DEFENSE&rft.atitle=Commander+Discusses+a+Decade+of+DOD+Cyber+Power&rft_id=https%3A%2F%2Fwww.defense.gov%2FExplore%2FNews%2FArticle%2FArticle%2F2193130%2Fcommander-discusses-a-decade-of-dod-cyber-power%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-22"><span class="mw-cite-backlink"><b><a href="#cite_ref-22">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="https://www.bloomberg.com/news/articles/2009-07-06/under-cyberthreat-defense-contractorsbusinessweek-business-news-stock-market-and-financial-advice">"Under Cyberthreat: Defense Contractors"</a>. <i>Bloomberg.com</i>. BusinessWeek. 6 July 2009. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20100111174243/http://www.businessweek.com/technology/content/jul2009/tc2009076_873512.htm">Archived</a> from the original on 11 January 2010<span class="reference-accessdate">. Retrieved <span class="nowrap">20 January</span> 2010</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Bloomberg.com&rft.atitle=Under+Cyberthreat%3A+Defense+Contractors&rft.date=2009-07-06&rft_id=https%3A%2F%2Fwww.bloomberg.com%2Fnews%2Farticles%2F2009-07-06%2Funder-cyberthreat-defense-contractorsbusinessweek-business-news-stock-market-and-financial-advice&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-23"><span class="mw-cite-backlink"><b><a href="#cite_ref-23">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://tominfosec.blogspot.com/2010/02/understanding-apt.html">"Understanding the Advanced Persistent Threat"</a>. Tom Parker. 4 February 2010. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20100218143530/http://tominfosec.blogspot.com/2010/02/understanding-apt.html">Archived</a> from the original on 18 February 2010<span class="reference-accessdate">. Retrieved <span class="nowrap">4 February</span> 2010</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Understanding+the+Advanced+Persistent+Threat&rft.pub=Tom+Parker&rft.date=2010-02-04&rft_id=http%3A%2F%2Ftominfosec.blogspot.com%2F2010%2F02%2Funderstanding-apt.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-24"><span class="mw-cite-backlink"><b><a href="#cite_ref-24">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.usenix.org/legacy/event/lisa09/tech/slides/daly.pdf">"Advanced Persistent Threat (or Informationized Force Operations)"</a> <span class="cs1-format">(PDF)</span>. Usenix, Michael K. Daly. 4 November 2009. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20210511075023/https://www.usenix.org/legacy/event/lisa09/tech/slides/daly.pdf">Archived</a> <span class="cs1-format">(PDF)</span> from the original on 11 May 2021<span class="reference-accessdate">. Retrieved <span class="nowrap">4 November</span> 2009</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Advanced+Persistent+Threat+%28or+Informationized+Force+Operations%29&rft.pub=Usenix%2C+Michael+K.+Daly&rft.date=2009-11-04&rft_id=https%3A%2F%2Fwww.usenix.org%2Flegacy%2Fevent%2Flisa09%2Ftech%2Fslides%2Fdaly.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-Dell_SecureWorks-25"><span class="mw-cite-backlink"><b><a href="#cite_ref-Dell_SecureWorks_25-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20160305025719/https://www.secureworks.com/resources/sb-advanced-threat-protection-with-dell-secureworks">"Anatomy of an Advanced Persistent Threat (APT)"</a>. Dell SecureWorks. Archived from <a rel="nofollow" class="external text" href="https://www.secureworks.com/resources/sb-advanced-threat-protection-with-dell-secureworks">the original</a> on 5 March 2016<span class="reference-accessdate">. Retrieved <span class="nowrap">21 May</span> 2012</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Anatomy+of+an+Advanced+Persistent+Threat+%28APT%29&rft.pub=Dell+SecureWorks&rft_id=https%3A%2F%2Fwww.secureworks.com%2Fresources%2Fsb-advanced-threat-protection-with-dell-secureworks&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-Cybersecurity:_Current_Writings_on_Threats_and_Protection_2019-26"><span class="mw-cite-backlink"><b><a href="#cite_ref-Cybersecurity:_Current_Writings_on_Threats_and_Protection_2019_26-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFGonzalezKemp2019" class="citation book cs1">Gonzalez, Joaquin Jay III; Kemp, Roger L. (16 January 2019). <a rel="nofollow" class="external text" href="https://books.google.com/books?id=FyuFDwAAQBAJ&pg=PA69"><i>Cybersecurity: Current Writings on Threats and Protection</i></a>. McFarland. p. 69. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-1-4766-7440-7" title="Special:BookSources/978-1-4766-7440-7"><bdi>978-1-4766-7440-7</bdi></a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Cybersecurity%3A+Current+Writings+on+Threats+and+Protection&rft.pages=69&rft.pub=McFarland&rft.date=2019-01-16&rft.isbn=978-1-4766-7440-7&rft.aulast=Gonzalez&rft.aufirst=Joaquin+Jay+III&rft.au=Kemp%2C+Roger+L.&rft_id=https%3A%2F%2Fbooks.google.com%2Fbooks%3Fid%3DFyuFDwAAQBAJ%26pg%3DPA69&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-27"><span class="mw-cite-backlink"><b><a href="#cite_ref-27">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFIngermanYang2011" class="citation web cs1">Ingerman, Bret; Yang, Catherine (31 May 2011). <a rel="nofollow" class="external text" href="https://er.educause.edu/articles/2011/5/topten-it-issues-2011">"Top-Ten IT Issues, 2011"</a>. Educause Review. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20210414115711/https://er.educause.edu/articles/2011/5/topten-it-issues-2011">Archived</a> from the original on 14 April 2021<span class="reference-accessdate">. Retrieved <span class="nowrap">14 April</span> 2021</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Top-Ten+IT+Issues%2C+2011&rft.pub=Educause+Review&rft.date=2011-05-31&rft.aulast=Ingerman&rft.aufirst=Bret&rft.au=Yang%2C+Catherine&rft_id=https%3A%2F%2Fer.educause.edu%2Farticles%2F2011%2F5%2Ftopten-it-issues-2011&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-28"><span class="mw-cite-backlink"><b><a href="#cite_ref-28">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFMcMahonRohozinski" class="citation web cs1">McMahon, Dave; Rohozinski, Rafal. <a rel="nofollow" class="external text" href="http://publications.gc.ca/collections/collection_2016/rddc-drdc/D68-3-007-2013-eng.pdf">"The Dark Space Project: Defence R&D Canada – Centre for Security Science Contractor Report DRDC CSS CR 2013-007"</a> <span class="cs1-format">(PDF)</span>. <i>publications.gc.ca</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20161105035412/http://publications.gc.ca/collections/collection_2016/rddc-drdc/D68-3-007-2013-eng.pdf">Archived</a> <span class="cs1-format">(PDF)</span> from the original on 5 November 2016<span class="reference-accessdate">. Retrieved <span class="nowrap">1 April</span> 2021</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=publications.gc.ca&rft.atitle=The+Dark+Space+Project%3A+Defence+R%26D+Canada+%E2%80%93+Centre+for+Security+Science+Contractor+Report+DRDC+CSS+CR+2013-007&rft.aulast=McMahon&rft.aufirst=Dave&rft.au=Rohozinski%2C+Rafal&rft_id=http%3A%2F%2Fpublications.gc.ca%2Fcollections%2Fcollection_2016%2Frddc-drdc%2FD68-3-007-2013-eng.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-29"><span class="mw-cite-backlink"><b><a href="#cite_ref-29">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20190407232258/https://www.secureworks.com/resources/wp-outmaneuvering-advanced-and-evasive-malware-threats">"Outmaneuvering Advanced and Evasive Malware Threats"</a>. <i>Secureworks</i>. Secureworks Insights. Archived from <a rel="nofollow" class="external text" href="https://www.secureworks.com/resources/wp-outmaneuvering-advanced-and-evasive-malware-threats">the original</a> on 7 April 2019<span class="reference-accessdate">. Retrieved <span class="nowrap">24 February</span> 2016</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Secureworks&rft.atitle=Outmaneuvering+Advanced+and+Evasive+Malware+Threats&rft_id=https%3A%2F%2Fwww.secureworks.com%2Fresources%2Fwp-outmaneuvering-advanced-and-evasive-malware-threats&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-mandiant-30"><span class="mw-cite-backlink">^ <a href="#cite_ref-mandiant_30-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-mandiant_30-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20150202015751/http://intelreport.mandiant.com/">"APT1: Exposing One of China's Cyber Espionage Units"</a>. Mandiant. 2013. Archived from <a rel="nofollow" class="external text" href="http://intelreport.mandiant.com/">the original</a> on 2 February 2015<span class="reference-accessdate">. Retrieved <span class="nowrap">19 February</span> 2013</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=APT1%3A+Exposing+One+of+China%27s+Cyber+Espionage+Units&rft.pub=Mandiant&rft.date=2013&rft_id=http%3A%2F%2Fintelreport.mandiant.com%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-31"><span class="mw-cite-backlink"><b><a href="#cite_ref-31">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://blog.gitguardian.com/inital-access-techniques/">"What are MITRE ATT&CK initial access techniques"</a>. <i>GitGuardian - Automated Secrets Detection</i>. 8 June 2021. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20231129204105/https://blog.gitguardian.com/inital-access-techniques/">Archived</a> from the original on 29 November 2023<span class="reference-accessdate">. Retrieved <span class="nowrap">13 October</span> 2023</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=GitGuardian+-+Automated+Secrets+Detection&rft.atitle=What+are+MITRE+ATT%26CK+initial+access+techniques&rft.date=2021-06-08&rft_id=https%3A%2F%2Fblog.gitguardian.com%2Finital-access-techniques%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-32"><span class="mw-cite-backlink"><b><a href="#cite_ref-32">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFBlanchard2013" class="citation web cs1">Blanchard, Ben (19 February 2013). <a rel="nofollow" class="external text" href="https://www.reuters.com/article/us-china-hacking-idUSBRE91I06120130220">"China says U.S. hacking accusations lack technical proof"</a>. Reuters. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20210414115709/https://www.reuters.com/article/us-china-hacking-idUSBRE91I06120130220">Archived</a> from the original on 14 April 2021<span class="reference-accessdate">. Retrieved <span class="nowrap">14 April</span> 2021</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=China+says+U.S.+hacking+accusations+lack+technical+proof&rft.pub=Reuters&rft.date=2013-02-19&rft.aulast=Blanchard&rft.aufirst=Ben&rft_id=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-china-hacking-idUSBRE91I06120130220&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-TGN_1-33"><span class="mw-cite-backlink"><b><a href="#cite_ref-TGN_1_33-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFDeibert,_R.Rohozinski,_R.Manchanda,_A.Villeneuve,_N.2009" class="citation web cs1">Deibert, R.; Rohozinski, R.; Manchanda, A.; Villeneuve, N.; Walton, G (28 March 2009). <a rel="nofollow" class="external text" href="https://ora.ox.ac.uk/objects/uuid:6d1260fd-b8ee-4a11-8a5f-e7708d543651">"Tracking GhostNet: investigating a cyber espionage network"</a>. The Munk Centre for International Studies, <a href="/wiki/University_of_Toronto" title="University of Toronto">University of Toronto</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20231227155852/https://ora.ox.ac.uk/objects/uuid:6d1260fd-b8ee-4a11-8a5f-e7708d543651">Archived</a> from the original on 27 December 2023<span class="reference-accessdate">. Retrieved <span class="nowrap">27 December</span> 2023</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Tracking+GhostNet%3A+investigating+a+cyber+espionage+network&rft.pub=The+Munk+Centre+for+International+Studies%2C+University+of+Toronto&rft.date=2009-03-28&rft.au=Deibert%2C+R.&rft.au=Rohozinski%2C+R.&rft.au=Manchanda%2C+A.&rft.au=Villeneuve%2C+N.&rft.au=Walton%2C+G&rft_id=https%3A%2F%2Fora.ox.ac.uk%2Fobjects%2Fuuid%3A6d1260fd-b8ee-4a11-8a5f-e7708d543651&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-GSEC_GIAC_Security_Essentials_Certification_All_2013-34"><span class="mw-cite-backlink"><b><a href="#cite_ref-GSEC_GIAC_Security_Essentials_Certification_All_2013_34-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFRicMessier2013" class="citation book cs1">RicMessier (30 October 2013). <a rel="nofollow" class="external text" href="https://books.google.com/books?id=zUdZAQAAQBAJ&pg=PR25"><i>GSEC GIAC Security Essentials Certification All</i></a>. McGraw Hill Professional, 2013. p. xxv. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-0-07-182091-2" title="Special:BookSources/978-0-07-182091-2"><bdi>978-0-07-182091-2</bdi></a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=GSEC+GIAC+Security+Essentials+Certification+All&rft.pages=xxv&rft.pub=McGraw+Hill+Professional%2C+2013&rft.date=2013-10-30&rft.isbn=978-0-07-182091-2&rft.au=RicMessier&rft_id=https%3A%2F%2Fbooks.google.com%2Fbooks%3Fid%3DzUdZAQAAQBAJ%26pg%3DPR25&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-35"><span class="mw-cite-backlink"><b><a href="#cite_ref-35">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.fireeye.com/current-threats/anatomy-of-a-cyber-attack.html">"Anatomy of an APT (Advanced Persistent Threat) Attack"</a>. <i>FireEye</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20201107220618/https://www.fireeye.com/current-threats/anatomy-of-a-cyber-attack.html">Archived</a> from the original on 7 November 2020<span class="reference-accessdate">. Retrieved <span class="nowrap">14 November</span> 2020</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=FireEye&rft.atitle=Anatomy+of+an+APT+%28Advanced+Persistent+Threat%29+Attack&rft_id=https%3A%2F%2Fwww.fireeye.com%2Fcurrent-threats%2Fanatomy-of-a-cyber-attack.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-36"><span class="mw-cite-backlink"><b><a href="#cite_ref-36">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.recordedfuture.com/active-cyber-defense-part-1/">"Threat Intelligence in an Active Cyber Defense (Part 1)"</a>. <i>Recorded Future</i>. 18 February 2015. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20210620155903/https://www.recordedfuture.com/active-cyber-defense-part-1/">Archived</a> from the original on 20 June 2021<span class="reference-accessdate">. Retrieved <span class="nowrap">10 March</span> 2021</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Recorded+Future&rft.atitle=Threat+Intelligence+in+an+Active+Cyber+Defense+%28Part+1%29&rft.date=2015-02-18&rft_id=https%3A%2F%2Fwww.recordedfuture.com%2Factive-cyber-defense-part-1%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-37"><span class="mw-cite-backlink"><b><a href="#cite_ref-37">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.recordedfuture.com/active-cyber-defense-part-2/">"Threat Intelligence in an Active Cyber Defense (Part 2)"</a>. <i>Recorded Future</i>. 24 February 2015. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20210227120734/https://www.recordedfuture.com/active-cyber-defense-part-2/">Archived</a> from the original on 27 February 2021<span class="reference-accessdate">. Retrieved <span class="nowrap">10 March</span> 2021</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Recorded+Future&rft.atitle=Threat+Intelligence+in+an+Active+Cyber+Defense+%28Part+2%29&rft.date=2015-02-24&rft_id=https%3A%2F%2Fwww.recordedfuture.com%2Factive-cyber-defense-part-2%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-38"><span class="mw-cite-backlink"><b><a href="#cite_ref-38">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.jinfowar.com/journal/volume-18-issue-4/context-centred-research-approach-phishing-operational-technology-industrial-control-systems">"A Context-Centred Research Approach to Phishing and Operational Technology in Industrial Control Systems | Journal of Information Warfare"</a>. <i>www.jinfowar.com</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20210731235144/https://www.jinfowar.com/journal/volume-18-issue-4/context-centred-research-approach-phishing-operational-technology-industrial-control-systems">Archived</a> from the original on 31 July 2021<span class="reference-accessdate">. Retrieved <span class="nowrap">31 July</span> 2021</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=www.jinfowar.com&rft.atitle=A+Context-Centred+Research+Approach+to+Phishing+and+Operational+Technology+in+Industrial+Control+Systems+%7C+Journal+of+Information+Warfare&rft_id=https%3A%2F%2Fwww.jinfowar.com%2Fjournal%2Fvolume-18-issue-4%2Fcontext-centred-research-approach-phishing-operational-technology-industrial-control-systems&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-Symantec2019-39"><span class="mw-cite-backlink"><b><a href="#cite_ref-Symantec2019_39-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buckeye-windows-zero-day-exploit">"Buckeye: Espionage Outfit Used Equation Group Tools Prior to Shadow Brokers Leak"</a>. <a href="/wiki/NortonLifeLock" class="mw-redirect" title="NortonLifeLock">Symantec</a>. 7 May 2019. <a rel="nofollow" class="external text" href="https://archive.today/20190507054409/https://www.symantec.com/blogs/threat-intelligence/buckeye-windows-zero-day-exploit">Archived</a> from the original on 7 May 2019<span class="reference-accessdate">. Retrieved <span class="nowrap">23 July</span> 2019</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Buckeye%3A+Espionage+Outfit+Used+Equation+Group+Tools+Prior+to+Shadow+Brokers+Leak&rft.pub=Symantec&rft.date=2019-05-07&rft_id=https%3A%2F%2Fsymantec-enterprise-blogs.security.com%2Fblogs%2Fthreat-intelligence%2Fbuckeye-windows-zero-day-exploit&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-40"><span class="mw-cite-backlink"><b><a href="#cite_ref-40">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="https://www2.fireeye.com/rs/fireye/images/APT17_Report.pdf">"APT17: Hiding in Plain Sight - FireEye and Microsoft Expose Obfuscation Tactic"</a> <span class="cs1-format">(PDF)</span>. <i><a href="/wiki/FireEye" class="mw-redirect" title="FireEye">FireEye</a></i>. May 2015. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20231124143647/https://www2.fireeye.com/rs/fireye/images/APT17_Report.pdf">Archived</a> <span class="cs1-format">(PDF)</span> from the original on 24 November 2023<span class="reference-accessdate">. Retrieved <span class="nowrap">21 January</span> 2024</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=FireEye&rft.atitle=APT17%3A+Hiding+in+Plain+Sight+-+FireEye+and+Microsoft+Expose+Obfuscation+Tactic&rft.date=2015-05&rft_id=https%3A%2F%2Fwww2.fireeye.com%2Frs%2Ffireye%2Fimages%2FAPT17_Report.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-:32-41"><span class="mw-cite-backlink"><b><a href="#cite_ref-:32_41-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.hhs.gov/sites/default/files/china-based-threat-actor-profiles-tlpclear.pdf">"China-Based Threat Actors"</a> <span class="cs1-format">(PDF)</span>. <i><a href="/wiki/U.S._Department_of_Health_and_Human_Services" class="mw-redirect" title="U.S. Department of Health and Human Services">U.S. Department of Health and Human Services</a> Office of Information Security</i>. 16 August 2023. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20231229092112/https://www.hhs.gov/sites/default/files/china-based-threat-actor-profiles-tlpclear.pdf">Archived</a> <span class="cs1-format">(PDF)</span> from the original on 29 December 2023<span class="reference-accessdate">. Retrieved <span class="nowrap">29 April</span> 2024</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=U.S.+Department+of+Health+and+Human+Services+Office+of+Information+Security&rft.atitle=China-Based+Threat+Actors&rft.date=2023-08-16&rft_id=https%3A%2F%2Fwww.hhs.gov%2Fsites%2Fdefault%2Ffiles%2Fchina-based-threat-actor-profiles-tlpclear.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-fox-it2019-42"><span class="mw-cite-backlink"><b><a href="#cite_ref-fox-it2019_42-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFvan_DantzigSchamper2019" class="citation web cs1">van Dantzig, Maarten; Schamper, Erik (19 December 2019). <a rel="nofollow" class="external text" href="https://web.archive.org/web/20210322014904/https://resources.fox-it.com/rs/170-CAK-271/images/201912_Report_Operation_Wocao.pdf">"Wocao APT20"</a> <span class="cs1-format">(PDF)</span>. <i>fox-it.com</i>. <a href="/wiki/NCC_Group" title="NCC Group">NCC Group</a>. Archived from <a rel="nofollow" class="external text" href="https://resources.fox-it.com/rs/170-CAK-271/images/201912_Report_Operation_Wocao.pdf">the original</a> <span class="cs1-format">(PDF)</span> on 22 March 2021<span class="reference-accessdate">. Retrieved <span class="nowrap">23 December</span> 2019</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=fox-it.com&rft.atitle=Wocao+APT20&rft.date=2019-12-19&rft.aulast=van+Dantzig&rft.aufirst=Maarten&rft.au=Schamper%2C+Erik&rft_id=https%3A%2F%2Fresources.fox-it.com%2Frs%2F170-CAK-271%2Fimages%2F201912_Report_Operation_Wocao.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-43"><span class="mw-cite-backlink"><b><a href="#cite_ref-43">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFVijayan2019" class="citation web cs1">Vijayan, Jai (19 December 2019). <a rel="nofollow" class="external text" href="https://www.darkreading.com/attacks-breaches/china-based-cyber-espionage-group-targeting-orgs-in-10-countries/d/d-id/1336676">"China-Based Cyber Espionage Group Targeting Orgs in 10 Countries"</a>. <i>www.darkreading.com</i>. Dark Reading. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20210507025313/https://www.darkreading.com/attacks-breaches/china-based-cyber-espionage-group-targeting-orgs-in-10-countries/d/d-id/1336676">Archived</a> from the original on 7 May 2021<span class="reference-accessdate">. Retrieved <span class="nowrap">12 January</span> 2020</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=www.darkreading.com&rft.atitle=China-Based+Cyber+Espionage+Group+Targeting+Orgs+in+10+Countries&rft.date=2019-12-19&rft.aulast=Vijayan&rft.aufirst=Jai&rft_id=https%3A%2F%2Fwww.darkreading.com%2Fattacks-breaches%2Fchina-based-cyber-espionage-group-targeting-orgs-in-10-countries%2Fd%2Fd-id%2F1336676&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-44"><span class="mw-cite-backlink"><b><a href="#cite_ref-44">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFBarth2016" class="citation web cs1">Barth, Bradley (16 March 2016). <a rel="nofollow" class="external text" href="https://www.scworld.com/brief/suckfly-in-the-ointment-chinese-apt-group-steals-code-signing-certificates">"<span class="cs1-kern-left"></span>'Suckfly' in the ointment: Chinese APT group steals code-signing certificates"</a>. <i>SC Media</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20240924130146/https://www.scworld.com/brief/suckfly-in-the-ointment-chinese-apt-group-steals-code-signing-certificates">Archived</a> from the original on 24 September 2024<span class="reference-accessdate">. Retrieved <span class="nowrap">24 September</span> 2024</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=SC+Media&rft.atitle=%27Suckfly%27+in+the+ointment%3A+Chinese+APT+group+steals+code-signing+certificates&rft.date=2016-03-16&rft.aulast=Barth&rft.aufirst=Bradley&rft_id=https%3A%2F%2Fwww.scworld.com%2Fbrief%2Fsuckfly-in-the-ointment-chinese-apt-group-steals-code-signing-certificates&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-45"><span class="mw-cite-backlink"><b><a href="#cite_ref-45">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.zdnet.com/article/building-chinas-comac-c919-airplane-involved-a-lot-of-hacking-report-says/">"Building China's Comac C919 airplane involved a lot of hacking, report says"</a>. <i>ZDNET</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20191115164639/https://www.zdnet.com/article/building-chinas-comac-c919-airplane-involved-a-lot-of-hacking-report-says/">Archived</a> from the original on 15 November 2019<span class="reference-accessdate">. Retrieved <span class="nowrap">24 September</span> 2024</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=ZDNET&rft.atitle=Building+China%27s+Comac+C919+airplane+involved+a+lot+of+hacking%2C+report+says&rft_id=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fbuilding-chinas-comac-c919-airplane-involved-a-lot-of-hacking-report-says%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-46"><span class="mw-cite-backlink"><b><a href="#cite_ref-46">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFLyngaas2021" class="citation web cs1">Lyngaas, Sean (10 August 2021). <a rel="nofollow" class="external text" href="https://www.cyberscoop.com/china-israel-iran-fireeye-hacking/">"Chinese hackers posed as Iranians to breach Israeli targets, FireEye says"</a>. <i>www.cyberscoop.com</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20231129204248/https://cyberscoop.com/china-israel-iran-fireeye-hacking/">Archived</a> from the original on 29 November 2023<span class="reference-accessdate">. Retrieved <span class="nowrap">15 August</span> 2021</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=www.cyberscoop.com&rft.atitle=Chinese+hackers+posed+as+Iranians+to+breach+Israeli+targets%2C+FireEye+says&rft.date=2021-08-10&rft.aulast=Lyngaas&rft.aufirst=Sean&rft_id=https%3A%2F%2Fwww.cyberscoop.com%2Fchina-israel-iran-fireeye-hacking%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-47"><span class="mw-cite-backlink"><b><a href="#cite_ref-47">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFLyngaas2019" class="citation web cs1">Lyngaas, Sean (12 February 2019). <a rel="nofollow" class="external text" href="https://www.cyberscoop.com/apt10-apt31-recorded-future-rapid7-china/">"Right country, wrong group? Researchers say it wasn't APT10 that hacked Norwegian software firm"</a>. <i>www.cyberscoop.com</i>. Cyberscoop. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20210507025345/https://www.cyberscoop.com/apt10-apt31-recorded-future-rapid7-china/">Archived</a> from the original on 7 May 2021<span class="reference-accessdate">. Retrieved <span class="nowrap">16 October</span> 2020</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=www.cyberscoop.com&rft.atitle=Right+country%2C+wrong+group%3F+Researchers+say+it+wasn%27t+APT10+that+hacked+Norwegian+software+firm&rft.date=2019-02-12&rft.aulast=Lyngaas&rft.aufirst=Sean&rft_id=https%3A%2F%2Fwww.cyberscoop.com%2Fapt10-apt31-recorded-future-rapid7-china%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-48"><span class="mw-cite-backlink"><b><a href="#cite_ref-48">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFLyngaas2020" class="citation web cs1">Lyngaas, Sean (16 October 2020). <a rel="nofollow" class="external text" href="https://www.cyberscoop.com/biden-chinese-hacking-google-security-russia/">"Google offers details on Chinese hacking group that targeted Biden campaign"</a>. <i>Cyberscoop</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20210507025313/https://www.cyberscoop.com/biden-chinese-hacking-google-security-russia/">Archived</a> from the original on 7 May 2021<span class="reference-accessdate">. Retrieved <span class="nowrap">16 October</span> 2020</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Cyberscoop&rft.atitle=Google+offers+details+on+Chinese+hacking+group+that+targeted+Biden+campaign&rft.date=2020-10-16&rft.aulast=Lyngaas&rft.aufirst=Sean&rft_id=https%3A%2F%2Fwww.cyberscoop.com%2Fbiden-chinese-hacking-google-security-russia%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-ms-threat-actors-24-49"><span class="mw-cite-backlink"><b><a href="#cite_ref-ms-threat-actors-24_49-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming">"How Microsoft names threat actors"</a>. Microsoft. 16 January 2024. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20240710235817/https://learn.microsoft.com/en-us/defender-xdr/microsoft-threat-actor-naming">Archived</a> from the original on 10 July 2024<span class="reference-accessdate">. Retrieved <span class="nowrap">21 January</span> 2024</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=How+Microsoft+names+threat+actors&rft.pub=Microsoft&rft.date=2024-01-16&rft_id=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fintelligence%2Fmicrosoft-threat-actor-naming&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-50"><span class="mw-cite-backlink"><b><a href="#cite_ref-50">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://home.treasury.gov/news/press-releases/jy2205">"Treasury Sanctions China-Linked Hackers for Targeting U.S. Critical Infrastructure"</a>. <i><a href="/wiki/U.S._Department_of_the_Treasury" class="mw-redirect" title="U.S. Department of the Treasury">U.S. Department of the Treasury</a></i>. 19 March 2024. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20240325174521/https://home.treasury.gov/news/press-releases/jy2205">Archived</a> from the original on 25 March 2024<span class="reference-accessdate">. Retrieved <span class="nowrap">25 March</span> 2024</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=U.S.+Department+of+the+Treasury&rft.atitle=Treasury+Sanctions+China-Linked+Hackers+for+Targeting+U.S.+Critical+Infrastructure&rft.date=2024-03-19&rft_id=https%3A%2F%2Fhome.treasury.gov%2Fnews%2Fpress-releases%2Fjy2205&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-fireeye2019-51"><span class="mw-cite-backlink"><b><a href="#cite_ref-fireeye2019_51-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20210507025313/https://content.fireeye.com/apt-41/rpt-apt41/">"Double Dragon APT41, a dual espionage and cyber crime operation"</a>. <i><a href="/wiki/FireEye" class="mw-redirect" title="FireEye">FireEye</a></i>. 16 October 2019. Archived from <a rel="nofollow" class="external text" href="https://content.fireeye.com/apt-41/rpt-apt41/">the original</a> on 7 May 2021<span class="reference-accessdate">. Retrieved <span class="nowrap">14 April</span> 2020</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=FireEye&rft.atitle=Double+Dragon+APT41%2C+a+dual+espionage+and+cyber+crime+operation&rft.date=2019-10-16&rft_id=https%3A%2F%2Fcontent.fireeye.com%2Fapt-41%2Frpt-apt41%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-52"><span class="mw-cite-backlink"><b><a href="#cite_ref-52">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.taipeitimes.com/News/taiwan/archives/2020/05/17/2003736564">"Bureau names ransomware culprits"</a>. <i><a href="/wiki/Taipei_Times" title="Taipei Times">Taipei Times</a></i>. 17 May 2020. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20210322015319/https://www.taipeitimes.com/News/taiwan/archives/2020/05/17/2003736564">Archived</a> from the original on 22 March 2021<span class="reference-accessdate">. Retrieved <span class="nowrap">22 May</span> 2020</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Taipei+Times&rft.atitle=Bureau+names+ransomware+culprits&rft.date=2020-05-17&rft_id=https%3A%2F%2Fwww.taipeitimes.com%2FNews%2Ftaiwan%2Farchives%2F2020%2F05%2F17%2F2003736564&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-:52-53"><span class="mw-cite-backlink"><b><a href="#cite_ref-:52_53-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFGreenberg2020" class="citation magazine cs1"><a href="/wiki/Andy_Greenberg" title="Andy Greenberg">Greenberg, Andy</a> (6 August 2020). <a rel="nofollow" class="external text" href="https://www.wired.com/story/chinese-hackers-taiwan-semiconductor-industry-skeleton-key/">"Chinese Hackers Have Pillaged Taiwan's Semiconductor Industry"</a>. <i><a href="/wiki/Wired_(magazine)" title="Wired (magazine)">Wired</a></i>. <a href="/wiki/ISSN_(identifier)" class="mw-redirect" title="ISSN (identifier)">ISSN</a> <a rel="nofollow" class="external text" href="https://search.worldcat.org/issn/1059-1028">1059-1028</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20210322015355/https://www.wired.com/story/chinese-hackers-taiwan-semiconductor-industry-skeleton-key/">Archived</a> from the original on 22 March 2021<span class="reference-accessdate">. Retrieved <span class="nowrap">14 July</span> 2024</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Wired&rft.atitle=Chinese+Hackers+Have+Pillaged+Taiwan%27s+Semiconductor+Industry&rft.date=2020-08-06&rft.issn=1059-1028&rft.aulast=Greenberg&rft.aufirst=Andy&rft_id=https%3A%2F%2Fwww.wired.com%2Fstory%2Fchinese-hackers-taiwan-semiconductor-industry-skeleton-key%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-54"><span class="mw-cite-backlink"><b><a href="#cite_ref-54">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFSabin2022" class="citation news cs1">Sabin, Sam (26 October 2022). <a rel="nofollow" class="external text" href="https://www.axios.com/2022/10/26/disinformation-campaign-midterms-china-dragonbridge-mandiant">"New pro-China disinformation campaign targets 2022 elections: Report"</a>. <i><a href="/wiki/Axios_(website)" title="Axios (website)">Axios</a></i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20221026182732/https://www.axios.com/2022/10/26/disinformation-campaign-midterms-china-dragonbridge-mandiant">Archived</a> from the original on 26 October 2022<span class="reference-accessdate">. Retrieved <span class="nowrap">27 October</span> 2022</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Axios&rft.atitle=New+pro-China+disinformation+campaign+targets+2022+elections%3A+Report&rft.date=2022-10-26&rft.aulast=Sabin&rft.aufirst=Sam&rft_id=https%3A%2F%2Fwww.axios.com%2F2022%2F10%2F26%2Fdisinformation-campaign-midterms-china-dragonbridge-mandiant&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-55"><span class="mw-cite-backlink"><b><a href="#cite_ref-55">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFMilmo2024" class="citation news cs1">Milmo, Dan (5 April 2024). <a rel="nofollow" class="external text" href="https://www.theguardian.com/technology/2024/apr/05/china-using-ai-disrupt-elections">"China will use AI to disrupt elections in the US, South Korea and India, Microsoft warns"</a>. <i><a href="/wiki/The_Guardian" title="The Guardian">The Guardian</a></i>. <a href="/wiki/ISSN_(identifier)" class="mw-redirect" title="ISSN (identifier)">ISSN</a> <a rel="nofollow" class="external text" href="https://search.worldcat.org/issn/0261-3077">0261-3077</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20240525185211/https://www.theguardian.com/technology/2024/apr/05/china-using-ai-disrupt-elections">Archived</a> from the original on 25 May 2024<span class="reference-accessdate">. Retrieved <span class="nowrap">7 April</span> 2024</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=The+Guardian&rft.atitle=China+will+use+AI+to+disrupt+elections+in+the+US%2C+South+Korea+and+India%2C+Microsoft+warns&rft.date=2024-04-05&rft.issn=0261-3077&rft.aulast=Milmo&rft.aufirst=Dan&rft_id=https%3A%2F%2Fwww.theguardian.com%2Ftechnology%2F2024%2Fapr%2F05%2Fchina-using-ai-disrupt-elections&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-56"><span class="mw-cite-backlink"><b><a href="#cite_ref-56">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFNaraine2021" class="citation web cs1">Naraine, Ryan (2 March 2021). <a rel="nofollow" class="external text" href="https://www.securityweek.com/microsoft-4-exchange-server-zero-days-under-attack-chinese-apt-group">"Microsoft: Multiple Exchange Server Zero-Days Under Attack by Chinese Hacking Group"</a>. <i>securityweek.com</i>. Wired Business Media. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20230706202313/https://www.securityweek.com/microsoft-4-exchange-server-zero-days-under-attack-chinese-apt-group/">Archived</a> from the original on 6 July 2023<span class="reference-accessdate">. Retrieved <span class="nowrap">3 March</span> 2021</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=securityweek.com&rft.atitle=Microsoft%3A+Multiple+Exchange+Server+Zero-Days+Under+Attack+by+Chinese+Hacking+Group&rft.date=2021-03-02&rft.aulast=Naraine&rft.aufirst=Ryan&rft_id=https%3A%2F%2Fwww.securityweek.com%2Fmicrosoft-4-exchange-server-zero-days-under-attack-chinese-apt-group&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-57"><span class="mw-cite-backlink"><b><a href="#cite_ref-57">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFBurt2021" class="citation web cs1">Burt, Tom (2 March 2021). <a rel="nofollow" class="external text" href="https://blogs.microsoft.com/on-the-issues/2021/03/02/new-nation-state-cyberattacks/">"New nation-state cyberattacks"</a>. <i>blogs.microsoft.com</i>. Microsoft. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20210302211855/https://blogs.microsoft.com/on-the-issues/2021/03/02/new-nation-state-cyberattacks/">Archived</a> from the original on 2 March 2021<span class="reference-accessdate">. Retrieved <span class="nowrap">3 March</span> 2021</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=blogs.microsoft.com&rft.atitle=New+nation-state+cyberattacks&rft.date=2021-03-02&rft.aulast=Burt&rft.aufirst=Tom&rft_id=https%3A%2F%2Fblogs.microsoft.com%2Fon-the-issues%2F2021%2F03%2F02%2Fnew-nation-state-cyberattacks%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-techtarget-lightbasin-58"><span class="mw-cite-backlink"><b><a href="#cite_ref-techtarget-lightbasin_58-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFNichols2021" class="citation web cs1">Nichols, Shaun (20 October 2021). <a rel="nofollow" class="external text" href="https://www.techtarget.com/searchsecurity/news/252508413/LightBasin-hackers-spent-5-years-hiding-on-telco-networks">"<span class="cs1-kern-left"></span>'LightBasin' hackers spent 5 years hiding on telco networks"</a>. <i><a href="/wiki/TechTarget" class="mw-redirect" title="TechTarget">TechTarget</a></i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20231129204219/https://www.techtarget.com/searchsecurity/news/252508413/LightBasin-hackers-spent-5-years-hiding-on-telco-networks">Archived</a> from the original on 29 November 2023<span class="reference-accessdate">. Retrieved <span class="nowrap">8 April</span> 2022</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=TechTarget&rft.atitle=%27LightBasin%27+hackers+spent+5+years+hiding+on+telco+networks&rft.date=2021-10-20&rft.aulast=Nichols&rft.aufirst=Shaun&rft_id=https%3A%2F%2Fwww.techtarget.com%2Fsearchsecurity%2Fnews%2F252508413%2FLightBasin-hackers-spent-5-years-hiding-on-telco-networks&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-bleeping-computer-lightbasin-59"><span class="mw-cite-backlink"><b><a href="#cite_ref-bleeping-computer-lightbasin_59-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFIlascu2021" class="citation web cs1">Ilascu, Ionut (19 October 2021). <a rel="nofollow" class="external text" href="https://www.bleepingcomputer.com/news/security/lightbasin-hacking-group-breaches-13-global-telecoms-in-two-years/">"LightBasin hacking group breaches 13 global telecoms in two years"</a>. <i><a href="/wiki/Bleeping_Computer" title="Bleeping Computer">Bleeping Computer</a></i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20230724084013/https://www.bleepingcomputer.com/news/security/lightbasin-hacking-group-breaches-13-global-telecoms-in-two-years/">Archived</a> from the original on 24 July 2023<span class="reference-accessdate">. Retrieved <span class="nowrap">8 April</span> 2022</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Bleeping+Computer&rft.atitle=LightBasin+hacking+group+breaches+13+global+telecoms+in+two+years&rft.date=2021-10-19&rft.aulast=Ilascu&rft.aufirst=Ionut&rft_id=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Flightbasin-hacking-group-breaches-13-global-telecoms-in-two-years%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-60"><span class="mw-cite-backlink"><b><a href="#cite_ref-60">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFCimpanu" class="citation news cs1">Cimpanu, Catalin. <a rel="nofollow" class="external text" href="https://www.zdnet.com/article/hackers-target-the-air-gapped-networks-of-the-taiwanese-and-philippine-military/">"Hackers target the air-gapped networks of the Taiwanese and Philippine military"</a>. <i><a href="/wiki/ZDnet" class="mw-redirect" title="ZDnet">ZDnet</a></i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20210322015315/https://www.zdnet.com/article/hackers-target-the-air-gapped-networks-of-the-taiwanese-and-philippine-military/">Archived</a> from the original on 22 March 2021<span class="reference-accessdate">. Retrieved <span class="nowrap">16 May</span> 2020</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=ZDnet&rft.atitle=Hackers+target+the+air-gapped+networks+of+the+Taiwanese+and+Philippine+military&rft.aulast=Cimpanu&rft.aufirst=Catalin&rft_id=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-target-the-air-gapped-networks-of-the-taiwanese-and-philippine-military%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-61"><span class="mw-cite-backlink"><b><a href="#cite_ref-61">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFIntelligence2023" class="citation web cs1">Intelligence, Microsoft Threat (24 May 2023). <a rel="nofollow" class="external text" href="https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/">"Volt Typhoon targets US critical infrastructure with living-off-the-land techniques"</a>. <i>Microsoft Security Blog</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20240117093138/https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/">Archived</a> from the original on 17 January 2024<span class="reference-accessdate">. Retrieved <span class="nowrap">26 May</span> 2023</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Microsoft+Security+Blog&rft.atitle=Volt+Typhoon+targets+US+critical+infrastructure+with+living-off-the-land+techniques&rft.date=2023-05-24&rft.aulast=Intelligence&rft.aufirst=Microsoft+Threat&rft_id=https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fsecurity%2Fblog%2F2023%2F05%2F24%2Fvolt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-:6-62"><span class="mw-cite-backlink"><b><a href="#cite_ref-:6_62-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFTucker2024" class="citation web cs1">Tucker, Eric (18 September 2024). <a rel="nofollow" class="external text" href="https://apnews.com/article/fbi-justice-department-chinese-hacking-84e16185ae16367443a5e083adb74c8c">"FBI disrupts Chinese cyber operation targeting critical infrastructure in the US"</a>. <i><a href="/wiki/Associated_Press" title="Associated Press">Associated Press</a></i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20240924130146/https://apnews.com/article/fbi-justice-department-chinese-hacking-84e16185ae16367443a5e083adb74c8c">Archived</a> from the original on 24 September 2024<span class="reference-accessdate">. Retrieved <span class="nowrap">18 September</span> 2024</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Associated+Press&rft.atitle=FBI+disrupts+Chinese+cyber+operation+targeting+critical+infrastructure+in+the+US&rft.date=2024-09-18&rft.aulast=Tucker&rft.aufirst=Eric&rft_id=https%3A%2F%2Fapnews.com%2Farticle%2Ffbi-justice-department-chinese-hacking-84e16185ae16367443a5e083adb74c8c&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-OpenAI-63"><span class="mw-cite-backlink">^ <a href="#cite_ref-OpenAI_63-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-OpenAI_63-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://openai.com/blog/disrupting-malicious-uses-of-ai-by-state-affiliated-threat-actors">"Disrupting malicious uses of AI by state-affiliated threat actors"</a>. 14 February 2024. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20240216151959/https://openai.com/blog/disrupting-malicious-uses-of-ai-by-state-affiliated-threat-actors">Archived</a> from the original on 16 February 2024<span class="reference-accessdate">. Retrieved <span class="nowrap">16 February</span> 2024</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Disrupting+malicious+uses+of+AI+by+state-affiliated+threat+actors&rft.date=2024-02-14&rft_id=https%3A%2F%2Fopenai.com%2Fblog%2Fdisrupting-malicious-uses-of-ai-by-state-affiliated-threat-actors&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-AIThreatActors-64"><span class="mw-cite-backlink">^ <a href="#cite_ref-AIThreatActors_64-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-AIThreatActors_64-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.microsoft.com/en-us/security/blog/2024/02/14/staying-ahead-of-threat-actors-in-the-age-of-ai">"Staying ahead of threat actors in the age of AI"</a>. <i><a href="/wiki/Microsoft" title="Microsoft">Microsoft</a></i>. 14 February 2024. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20240216163312/https://www.microsoft.com/en-us/security/blog/2024/02/14/staying-ahead-of-threat-actors-in-the-age-of-ai/">Archived</a> from the original on 16 February 2024<span class="reference-accessdate">. Retrieved <span class="nowrap">16 February</span> 2024</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Microsoft&rft.atitle=Staying+ahead+of+threat+actors+in+the+age+of+AI&rft.date=2024-02-14&rft_id=https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fsecurity%2Fblog%2F2024%2F02%2F14%2Fstaying-ahead-of-threat-actors-in-the-age-of-ai&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-65"><span class="mw-cite-backlink"><b><a href="#cite_ref-65">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFKrouseMcMillanVolz2024" class="citation news cs1">Krouse, Sarah; McMillan, Robert; Volz, Dustin (25 September 2024). <span class="id-lock-subscription" title="Paid subscription required"><a rel="nofollow" class="external text" href="https://www.wsj.com/politics/national-security/china-cyberattack-internet-providers-260bd835">"China-Linked Hackers Breach U.S. Internet Providers in New 'Salt Typhoon' Cyberattack"</a></span>. <i><a href="/wiki/The_Wall_Street_Journal" title="The Wall Street Journal">The Wall Street Journal</a></i><span class="reference-accessdate">. Retrieved <span class="nowrap">25 September</span> 2024</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=The+Wall+Street+Journal&rft.atitle=China-Linked+Hackers+Breach+U.S.+Internet+Providers+in+New+%27Salt+Typhoon%27+Cyberattack&rft.date=2024-09-25&rft.aulast=Krouse&rft.aufirst=Sarah&rft.au=McMillan%2C+Robert&rft.au=Volz%2C+Dustin&rft_id=https%3A%2F%2Fwww.wsj.com%2Fpolitics%2Fnational-security%2Fchina-cyberattack-internet-providers-260bd835&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-66"><span class="mw-cite-backlink"><b><a href="#cite_ref-66">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFKrouseVolzViswanathaMcMillan2024" class="citation news cs1">Krouse, Sarah; Volz, Dustin; Viswanatha, Aruna; McMillan, Robert (5 October 2024). <span class="id-lock-subscription" title="Paid subscription required"><a rel="nofollow" class="external text" href="https://www.wsj.com/tech/cybersecurity/u-s-wiretap-systems-targeted-in-china-linked-hack-327fc63b">"U.S. Wiretap Systems Targeted in China-Linked Hack"</a></span>. <i><a href="/wiki/The_Wall_Street_Journal" title="The Wall Street Journal">The Wall Street Journal</a></i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20241005025020/https://www.wsj.com/tech/cybersecurity/u-s-wiretap-systems-targeted-in-china-linked-hack-327fc63b">Archived</a> from the original on 5 October 2024<span class="reference-accessdate">. Retrieved <span class="nowrap">5 October</span> 2024</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=The+Wall+Street+Journal&rft.atitle=U.S.+Wiretap+Systems+Targeted+in+China-Linked+Hack&rft.date=2024-10-05&rft.aulast=Krouse&rft.aufirst=Sarah&rft.au=Volz%2C+Dustin&rft.au=Viswanatha%2C+Aruna&rft.au=McMillan%2C+Robert&rft_id=https%3A%2F%2Fwww.wsj.com%2Ftech%2Fcybersecurity%2Fu-s-wiretap-systems-targeted-in-china-linked-hack-327fc63b&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-67"><span class="mw-cite-backlink"><b><a href="#cite_ref-67">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFSabin2024" class="citation news cs1">Sabin, Sam (19 November 2024). <a rel="nofollow" class="external text" href="https://www.axios.com/2024/11/19/exclusive-new-china-linked-telco-attackers-codebook">"New China-linked telco attackers"</a>. <i><a href="/wiki/Axios_(website)" title="Axios (website)">Axios</a></i><span class="reference-accessdate">. Retrieved <span class="nowrap">19 November</span> 2024</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Axios&rft.atitle=New+China-linked+telco+attackers&rft.date=2024-11-19&rft.aulast=Sabin&rft.aufirst=Sam&rft_id=https%3A%2F%2Fwww.axios.com%2F2024%2F11%2F19%2Fexclusive-new-china-linked-telco-attackers-codebook&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-68"><span class="mw-cite-backlink"><b><a href="#cite_ref-68">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFYamaguchi2025" class="citation web cs1">Yamaguchi, Mari (8 January 2025). <a rel="nofollow" class="external text" href="https://apnews.com/article/japan-police-cyberattack-china-government-68adcb293b2931da4c30ca0279720124">"Japan links Chinese hacker MirrorFace to dozens of cyberattacks targeting security and tech data"</a>. <i><a href="/wiki/Associated_Press" title="Associated Press">Associated Press</a></i><span class="reference-accessdate">. Retrieved <span class="nowrap">8 January</span> 2025</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Associated+Press&rft.atitle=Japan+links+Chinese+hacker+MirrorFace+to+dozens+of+cyberattacks+targeting+security+and+tech+data&rft.date=2025-01-08&rft.aulast=Yamaguchi&rft.aufirst=Mari&rft_id=https%3A%2F%2Fapnews.com%2Farticle%2Fjapan-police-cyberattack-china-government-68adcb293b2931da4c30ca0279720124&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-69"><span class="mw-cite-backlink"><b><a href="#cite_ref-69">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFMontalbano2020" class="citation web cs1">Montalbano, Elizabeth (1 September 2020). <a rel="nofollow" class="external text" href="https://threatpost.com/pioneer-kitten-apt-sells-corporate-network-access/158833/">"Pioneer Kitten APT Sells Corporate Network Access"</a>. <i>Threat Post</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20210322015301/https://threatpost.com/pioneer-kitten-apt-sells-corporate-network-access/158833/">Archived</a> from the original on 22 March 2021<span class="reference-accessdate">. Retrieved <span class="nowrap">3 September</span> 2020</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Threat+Post&rft.atitle=Pioneer+Kitten+APT+Sells+Corporate+Network+Access&rft.date=2020-09-01&rft.aulast=Montalbano&rft.aufirst=Elizabeth&rft_id=https%3A%2F%2Fthreatpost.com%2Fpioneer-kitten-apt-sells-corporate-network-access%2F158833%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-70"><span class="mw-cite-backlink"><b><a href="#cite_ref-70">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://attack.mitre.org/groups/G0087/">"APT39, ITG07, Chafer, Remix Kitten, Group G0087 | MITRE ATT&CK®"</a>. <i>attack.mitre.org</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20221230215710/https://attack.mitre.org/groups/G0087/">Archived</a> from the original on 30 December 2022<span class="reference-accessdate">. Retrieved <span class="nowrap">30 December</span> 2022</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=attack.mitre.org&rft.atitle=APT39%2C+ITG07%2C+Chafer%2C+Remix+Kitten%2C+Group+G0087+%7C+MITRE+ATT%26CK%C2%AE&rft_id=https%3A%2F%2Fattack.mitre.org%2Fgroups%2FG0087%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-71"><span class="mw-cite-backlink"><b><a href="#cite_ref-71">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf">"Crowdstrike Global Threat Report 2020"</a> <span class="cs1-format">(PDF)</span>. <i>crowdstrike.com</i>. 2020. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20200314121317/https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf">Archived</a> <span class="cs1-format">(PDF)</span> from the original on 14 March 2020<span class="reference-accessdate">. Retrieved <span class="nowrap">30 December</span> 2020</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=crowdstrike.com&rft.atitle=Crowdstrike+Global+Threat+Report+2020&rft.date=2020&rft_id=https%3A%2F%2Fgo.crowdstrike.com%2Frs%2F281-OBQ-266%2Fimages%2FReport2020CrowdStrikeGlobalThreatReport.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-venturebeatFeb2022-72"><span class="mw-cite-backlink"><b><a href="#cite_ref-venturebeatFeb2022_72-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFKyle_Alspach2022" class="citation web cs1">Kyle Alspach (4 February 2022). <a rel="nofollow" class="external text" href="https://venturebeat.com/2022/02/04/microsoft-discloses-new-details-on-russian-hacker-group-gamaredon/">"Microsoft discloses new details on Russian hacker group Gamaredon"</a>. <i><a href="/wiki/VentureBeat" title="VentureBeat">VentureBeat</a></i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20220206082258/https://venturebeat.com/2022/02/04/microsoft-discloses-new-details-on-russian-hacker-group-gamaredon/">Archived</a> from the original on 6 February 2022<span class="reference-accessdate">. Retrieved <span class="nowrap">22 March</span> 2022</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=VentureBeat&rft.atitle=Microsoft+discloses+new+details+on+Russian+hacker+group+Gamaredon&rft.date=2022-02-04&rft.au=Kyle+Alspach&rft_id=https%3A%2F%2Fventurebeat.com%2F2022%2F02%2F04%2Fmicrosoft-discloses-new-details-on-russian-hacker-group-gamaredon%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-zdnet21March2022-73"><span class="mw-cite-backlink">^ <a href="#cite_ref-zdnet21March2022_73-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-zdnet21March2022_73-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFCharlie_Osborne2022" class="citation web cs1">Charlie Osborne (21 March 2022). <a rel="nofollow" class="external text" href="https://www.zdnet.com/article/ukraine-warns-of-invisimole-attacks-tied-to-state-sponsored-russian-hackers/">"Ukraine warns of InvisiMole attacks tied to state-sponsored Russian hackers"</a>. <i><a href="/wiki/ZDNet" class="mw-redirect" title="ZDNet">ZDNet</a></i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20220322165716/https://www.zdnet.com/article/ukraine-warns-of-invisimole-attacks-tied-to-state-sponsored-russian-hackers/">Archived</a> from the original on 22 March 2022<span class="reference-accessdate">. Retrieved <span class="nowrap">22 March</span> 2022</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=ZDNet&rft.atitle=Ukraine+warns+of+InvisiMole+attacks+tied+to+state-sponsored+Russian+hackers&rft.date=2022-03-21&rft.au=Charlie+Osborne&rft_id=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fukraine-warns-of-invisimole-attacks-tied-to-state-sponsored-russian-hackers%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-TalosGamaredon-74"><span class="mw-cite-backlink"><b><a href="#cite_ref-TalosGamaredon_74-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFWarren_MercerVitor_Ventura2021" class="citation web cs1">Warren Mercer; Vitor Ventura (23 February 2021). <a rel="nofollow" class="external text" href="https://blog.talosintelligence.com/2021/02/gamaredonactivities.html">"Gamaredon - When nation states don't pay all the bills"</a>. <i>Cisco</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20220319134527/https://blog.talosintelligence.com/2021/02/gamaredonactivities.html">Archived</a> from the original on 19 March 2022<span class="reference-accessdate">. Retrieved <span class="nowrap">22 March</span> 2022</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Cisco&rft.atitle=Gamaredon+-+When+nation+states+don%27t+pay+all+the+bills&rft.date=2021-02-23&rft.au=Warren+Mercer&rft.au=Vitor+Ventura&rft_id=https%3A%2F%2Fblog.talosintelligence.com%2F2021%2F02%2Fgamaredonactivities.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-76"><span class="mw-cite-backlink"><b><a href="#cite_ref-76">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://adversary.crowdstrike.com/en-US/adversary/venomous-bear/">"Adversary: Venomous Bear - Threat Actor"</a>. <i>Crowdstrike Adversary Universe</i><span class="reference-accessdate">. Retrieved <span class="nowrap">22 March</span> 2022</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Crowdstrike+Adversary+Universe&rft.atitle=Adversary%3A+Venomous+Bear+-+Threat+Actor&rft_id=https%3A%2F%2Fadversary.crowdstrike.com%2Fen-US%2Fadversary%2Fvenomous-bear%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-PROMETHIUM-77"><span class="mw-cite-backlink"><b><a href="#cite_ref-PROMETHIUM_77-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFWarren_MercerPaul_RascagneresVitor_Ventura2020" class="citation web cs1">Warren Mercer; Paul Rascagneres; Vitor Ventura (29 June 2020). <a rel="nofollow" class="external text" href="https://blog.talosintelligence.com/2020/06/promethium-extends-with-strongpity3.html">"PROMETHIUM extends global reach with StrongPity3 APT"</a>. <i>Cisco</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20220322224729/https://blog.talosintelligence.com/2020/06/promethium-extends-with-strongpity3.html">Archived</a> from the original on 22 March 2022<span class="reference-accessdate">. Retrieved <span class="nowrap">22 March</span> 2022</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Cisco&rft.atitle=PROMETHIUM+extends+global+reach+with+StrongPity3+APT&rft.date=2020-06-29&rft.au=Warren+Mercer&rft.au=Paul+Rascagneres&rft.au=Vitor+Ventura&rft_id=https%3A%2F%2Fblog.talosintelligence.com%2F2020%2F06%2Fpromethium-extends-with-strongpity3.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-KasperskyLab2015-78"><span class="mw-cite-backlink"><b><a href="#cite_ref-KasperskyLab2015_78-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://securelist.com/equation-the-death-star-of-malware-galaxy/68750/">"Equation: The Death Star of Malware Galaxy"</a>. <a href="/wiki/Kaspersky_Lab" title="Kaspersky Lab">Kaspersky Lab</a>. 16 February 2015. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20190711082936/https://securelist.com/equation-the-death-star-of-malware-galaxy/68750/">Archived</a> from the original on 11 July 2019<span class="reference-accessdate">. Retrieved <span class="nowrap">23 July</span> 2019</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Equation%3A+The+Death+Star+of+Malware+Galaxy&rft.pub=Kaspersky+Lab&rft.date=2015-02-16&rft_id=https%3A%2F%2Fsecurelist.com%2Fequation-the-death-star-of-malware-galaxy%2F68750%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-79"><span class="mw-cite-backlink"><b><a href="#cite_ref-79">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFGallagher2019" class="citation web cs1">Gallagher, Sean (3 October 2019). <a rel="nofollow" class="external text" href="https://arstechnica.com/information-technology/2019/10/kaspersky-finds-uzbekistan-hacking-opbecause-they-used-kaspersky-av/">"Kaspersky finds Uzbekistan hacking op… because group used Kaspersky AV"</a>. <i>arstechnica.com</i>. Ars Technica. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20210322015356/https://arstechnica.com/information-technology/2019/10/kaspersky-finds-uzbekistan-hacking-opbecause-they-used-kaspersky-av/">Archived</a> from the original on 22 March 2021<span class="reference-accessdate">. Retrieved <span class="nowrap">5 October</span> 2019</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=arstechnica.com&rft.atitle=Kaspersky+finds+Uzbekistan+hacking+op%E2%80%A6+because+group+used+Kaspersky+AV&rft.date=2019-10-03&rft.aulast=Gallagher&rft.aufirst=Sean&rft_id=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F10%2Fkaspersky-finds-uzbekistan-hacking-opbecause-they-used-kaspersky-av%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-80"><span class="mw-cite-backlink"><b><a href="#cite_ref-80">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFPanda" class="citation web cs1">Panda, Ankit. <a rel="nofollow" class="external text" href="https://thediplomat.com/2020/04/offensive-cyber-capabilities-and-public-health-intelligence-vietnam-apt32-and-covid-19/">"Offensive Cyber Capabilities and Public Health Intelligence: Vietnam, APT32, and COVID-19"</a>. <i>thediplomat.com</i>. The Diplomat. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20210322015324/https://thediplomat.com/2020/04/offensive-cyber-capabilities-and-public-health-intelligence-vietnam-apt32-and-covid-19/">Archived</a> from the original on 22 March 2021<span class="reference-accessdate">. Retrieved <span class="nowrap">29 April</span> 2020</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=thediplomat.com&rft.atitle=Offensive+Cyber+Capabilities+and+Public+Health+Intelligence%3A+Vietnam%2C+APT32%2C+and+COVID-19&rft.aulast=Panda&rft.aufirst=Ankit&rft_id=https%3A%2F%2Fthediplomat.com%2F2020%2F04%2Foffensive-cyber-capabilities-and-public-health-intelligence-vietnam-apt32-and-covid-19%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-81"><span class="mw-cite-backlink"><b><a href="#cite_ref-81">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFTanriverdiZiererWetterBiermann2020" class="citation news cs1">Tanriverdi, Hakan; Zierer, Max; Wetter, Ann-Kathrin; Biermann, Kai; Nguyen, Thi Do (8 October 2020). Nierle, Verena; Schöffel, Robert; Wreschniok, Lisa (eds.). <a rel="nofollow" class="external text" href="https://web.br.de/interaktiv/ocean-lotus/en/">"Lined up in the sights of Vietnamese hackers"</a>. <a href="/wiki/Bayerischer_Rundfunk" title="Bayerischer Rundfunk">Bayerischer Rundfunk</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20210322015304/https://web.br.de/interaktiv/ocean-lotus/en/">Archived</a> from the original on 22 March 2021<span class="reference-accessdate">. Retrieved <span class="nowrap">11 October</span> 2020</span>. <q>In Bui's case the traces lead to a group presumably acting on behalf of the Vietnamese state. Experts have many names for this group: APT 32 and Ocean Lotus are best known. In conversations with a dozen of information security specialists, they all agreed that this is a Vietnamese group spying, in particular, on its own compatriots.</q></cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Lined+up+in+the+sights+of+Vietnamese+hackers&rft.date=2020-10-08&rft.aulast=Tanriverdi&rft.aufirst=Hakan&rft.au=Zierer%2C+Max&rft.au=Wetter%2C+Ann-Kathrin&rft.au=Biermann%2C+Kai&rft.au=Nguyen%2C+Thi+Do&rft_id=https%3A%2F%2Fweb.br.de%2Finteraktiv%2Focean-lotus%2Fen%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-threat-group-naming-schemes-82"><span class="mw-cite-backlink">^ <a href="#cite_ref-threat-group-naming-schemes_82-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-threat-group-naming-schemes_82-1"><sup><i><b>b</b></i></sup></a> <a href="#cite_ref-threat-group-naming-schemes_82-2"><sup><i><b>c</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFBushidoToken2022" class="citation web cs1">BushidoToken (20 May 2022). <a rel="nofollow" class="external text" href="https://www.curatedintel.org/2022/05/threat-group-naming-schemes-in-cyber.html">"Threat Group Naming Schemes In Cyber Threat Intelligence"</a>. Curated Intelligence. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20231208025624/https://www.curatedintel.org/2022/05/threat-group-naming-schemes-in-cyber.html">Archived</a> from the original on 8 December 2023<span class="reference-accessdate">. Retrieved <span class="nowrap">21 January</span> 2024</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Threat+Group+Naming+Schemes+In+Cyber+Threat+Intelligence&rft.pub=Curated+Intelligence&rft.date=2022-05-20&rft.au=BushidoToken&rft_id=https%3A%2F%2Fwww.curatedintel.org%2F2022%2F05%2Fthreat-group-naming-schemes-in-cyber.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-cs-2023-gtr-83"><span class="mw-cite-backlink"><b><a href="#cite_ref-cs-2023-gtr_83-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://iitd.com.ua/wp-content/uploads/2023/03/crowdstrike2023globalthreatreport.pdf">"CrowdStrike 2023 Global Threat Report"</a> <span class="cs1-format">(PDF)</span>. CrowdStrike. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20240326233326/https://iitd.com.ua/wp-content/uploads/2023/03/crowdstrike2023globalthreatreport.pdf">Archived</a> <span class="cs1-format">(PDF)</span> from the original on 26 March 2024<span class="reference-accessdate">. Retrieved <span class="nowrap">21 January</span> 2024</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=CrowdStrike+2023+Global+Threat+Report&rft.pub=CrowdStrike&rft_id=https%3A%2F%2Fiitd.com.ua%2Fwp-content%2Fuploads%2F2023%2F03%2Fcrowdstrike2023globalthreatreport.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-etda-rk-84"><span class="mw-cite-backlink"><b><a href="#cite_ref-etda-rk_84-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://apt.etda.or.th/cgi-bin/showcard.cgi?g=Rampant%20Kitten">"Rampant Kitten"</a>. Thailand Electronic Transactions Development Agency. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20221129105244/https://apt.etda.or.th/cgi-bin/showcard.cgi?g=Rampant%20Kitten">Archived</a> from the original on 29 November 2022<span class="reference-accessdate">. Retrieved <span class="nowrap">21 January</span> 2024</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Rampant+Kitten&rft.pub=Thailand+Electronic+Transactions+Development+Agency&rft_id=https%3A%2F%2Fapt.etda.or.th%2Fcgi-bin%2Fshowcard.cgi%3Fg%3DRampant%2520Kitten&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> <li id="cite_note-ms-lambert-23-85"><span class="mw-cite-backlink"><b><a href="#cite_ref-ms-lambert-23_85-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFLambert2023" class="citation web cs1">Lambert, John (18 April 2023). <a rel="nofollow" class="external text" href="https://www.microsoft.com/en-us/security/blog/2023/04/18/microsoft-shifts-to-a-new-threat-actor-naming-taxonomy/">"Microsoft shifts to a new threat actor naming taxonomy"</a>. Microsoft. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20240122164844/https://www.microsoft.com/en-us/security/blog/2023/04/18/microsoft-shifts-to-a-new-threat-actor-naming-taxonomy/">Archived</a> from the original on 22 January 2024<span class="reference-accessdate">. Retrieved <span class="nowrap">21 January</span> 2024</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Microsoft+shifts+to+a+new+threat+actor+naming+taxonomy&rft.pub=Microsoft&rft.date=2023-04-18&rft.aulast=Lambert&rft.aufirst=John&rft_id=https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fsecurity%2Fblog%2F2023%2F04%2F18%2Fmicrosoft-shifts-to-a-new-threat-actor-naming-taxonomy%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AAdvanced+persistent+threat" class="Z3988"></span></span> </li> </ol></div></div> <div class="mw-heading mw-heading2"><h2 id="External_links">External links</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Advanced_persistent_threat&action=edit&section=18" title="Edit section: External links"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <dl><dt>Lists of APT groups</dt></dl> <ul><li><a rel="nofollow" class="external text" href="https://www.mandiant.com/resources/insights/apt-groups">Mandiant: Advanced Persistent Threat Groups</a></li> <li><a rel="nofollow" class="external text" href="https://attack.mitre.org/groups/">MITRE ATT&CK security community tracked Advanced Persistent Group Pages</a></li></ul> <div class="navbox-styles"><style data-mw-deduplicate="TemplateStyles:r1129693374">.mw-parser-output .hlist dl,.mw-parser-output .hlist ol,.mw-parser-output .hlist ul{margin:0;padding:0}.mw-parser-output .hlist dd,.mw-parser-output .hlist dt,.mw-parser-output .hlist li{margin:0;display:inline}.mw-parser-output .hlist.inline,.mw-parser-output .hlist.inline dl,.mw-parser-output .hlist.inline ol,.mw-parser-output .hlist.inline ul,.mw-parser-output .hlist dl dl,.mw-parser-output .hlist dl ol,.mw-parser-output .hlist dl ul,.mw-parser-output .hlist ol dl,.mw-parser-output .hlist ol ol,.mw-parser-output .hlist ol ul,.mw-parser-output .hlist ul dl,.mw-parser-output .hlist ul ol,.mw-parser-output .hlist ul ul{display:inline}.mw-parser-output .hlist .mw-empty-li{display:none}.mw-parser-output .hlist dt::after{content:": "}.mw-parser-output .hlist dd::after,.mw-parser-output .hlist li::after{content:" · ";font-weight:bold}.mw-parser-output .hlist dd:last-child::after,.mw-parser-output .hlist dt:last-child::after,.mw-parser-output .hlist li:last-child::after{content:none}.mw-parser-output .hlist dd dd:first-child::before,.mw-parser-output .hlist dd dt:first-child::before,.mw-parser-output .hlist dd li:first-child::before,.mw-parser-output .hlist dt dd:first-child::before,.mw-parser-output .hlist dt dt:first-child::before,.mw-parser-output .hlist dt li:first-child::before,.mw-parser-output .hlist li dd:first-child::before,.mw-parser-output .hlist li dt:first-child::before,.mw-parser-output .hlist li li:first-child::before{content:" (";font-weight:normal}.mw-parser-output .hlist dd dd:last-child::after,.mw-parser-output .hlist dd dt:last-child::after,.mw-parser-output .hlist dd li:last-child::after,.mw-parser-output .hlist dt dd:last-child::after,.mw-parser-output .hlist dt dt:last-child::after,.mw-parser-output .hlist dt li:last-child::after,.mw-parser-output .hlist li dd:last-child::after,.mw-parser-output .hlist li dt:last-child::after,.mw-parser-output .hlist li li:last-child::after{content:")";font-weight:normal}.mw-parser-output .hlist ol{counter-reset:listitem}.mw-parser-output .hlist ol>li{counter-increment:listitem}.mw-parser-output .hlist ol>li::before{content:" "counter(listitem)"\a0 "}.mw-parser-output .hlist dd ol>li:first-child::before,.mw-parser-output .hlist dt ol>li:first-child::before,.mw-parser-output .hlist li ol>li:first-child::before{content:" ("counter(listitem)"\a0 "}</style><style data-mw-deduplicate="TemplateStyles:r1236075235">.mw-parser-output .navbox{box-sizing:border-box;border:1px solid #a2a9b1;width:100%;clear:both;font-size:88%;text-align:center;padding:1px;margin:1em auto 0}.mw-parser-output .navbox .navbox{margin-top:0}.mw-parser-output .navbox+.navbox,.mw-parser-output .navbox+.navbox-styles+.navbox{margin-top:-1px}.mw-parser-output .navbox-inner,.mw-parser-output .navbox-subgroup{width:100%}.mw-parser-output .navbox-group,.mw-parser-output .navbox-title,.mw-parser-output .navbox-abovebelow{padding:0.25em 1em;line-height:1.5em;text-align:center}.mw-parser-output .navbox-group{white-space:nowrap;text-align:right}.mw-parser-output .navbox,.mw-parser-output .navbox-subgroup{background-color:#fdfdfd}.mw-parser-output .navbox-list{line-height:1.5em;border-color:#fdfdfd}.mw-parser-output .navbox-list-with-group{text-align:left;border-left-width:2px;border-left-style:solid}.mw-parser-output tr+tr>.navbox-abovebelow,.mw-parser-output tr+tr>.navbox-group,.mw-parser-output tr+tr>.navbox-image,.mw-parser-output tr+tr>.navbox-list{border-top:2px solid #fdfdfd}.mw-parser-output .navbox-title{background-color:#ccf}.mw-parser-output .navbox-abovebelow,.mw-parser-output .navbox-group,.mw-parser-output .navbox-subgroup .navbox-title{background-color:#ddf}.mw-parser-output .navbox-subgroup .navbox-group,.mw-parser-output .navbox-subgroup .navbox-abovebelow{background-color:#e6e6ff}.mw-parser-output .navbox-even{background-color:#f7f7f7}.mw-parser-output .navbox-odd{background-color:transparent}.mw-parser-output .navbox .hlist td dl,.mw-parser-output .navbox .hlist td ol,.mw-parser-output .navbox .hlist td ul,.mw-parser-output .navbox td.hlist dl,.mw-parser-output .navbox td.hlist ol,.mw-parser-output .navbox td.hlist ul{padding:0.125em 0}.mw-parser-output .navbox .navbar{display:block;font-size:100%}.mw-parser-output .navbox-title .navbar{float:left;text-align:left;margin-right:0.5em}body.skin--responsive .mw-parser-output .navbox-image img{max-width:none!important}@media print{body.ns-0 .mw-parser-output .navbox{display:none!important}}</style></div><div role="navigation" class="navbox" aria-labelledby="Information_security88" style="padding:3px"><table class="nowraplinks mw-collapsible autocollapse navbox-inner" style="border-spacing:0;background:transparent;color:inherit"><tbody><tr><th scope="col" class="navbox-title" colspan="3"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1129693374"><style data-mw-deduplicate="TemplateStyles:r1239400231">.mw-parser-output .navbar{display:inline;font-size:88%;font-weight:normal}.mw-parser-output .navbar-collapse{float:left;text-align:left}.mw-parser-output .navbar-boxtext{word-spacing:0}.mw-parser-output .navbar ul{display:inline-block;white-space:nowrap;line-height:inherit}.mw-parser-output .navbar-brackets::before{margin-right:-0.125em;content:"[ "}.mw-parser-output .navbar-brackets::after{margin-left:-0.125em;content:" ]"}.mw-parser-output .navbar li{word-spacing:-0.125em}.mw-parser-output .navbar a>span,.mw-parser-output .navbar a>abbr{text-decoration:inherit}.mw-parser-output .navbar-mini abbr{font-variant:small-caps;border-bottom:none;text-decoration:none;cursor:inherit}.mw-parser-output .navbar-ct-full{font-size:114%;margin:0 7em}.mw-parser-output .navbar-ct-mini{font-size:114%;margin:0 4em}html.skin-theme-clientpref-night .mw-parser-output .navbar li a abbr{color:var(--color-base)!important}@media(prefers-color-scheme:dark){html.skin-theme-clientpref-os .mw-parser-output .navbar li a abbr{color:var(--color-base)!important}}@media print{.mw-parser-output .navbar{display:none!important}}</style><div class="navbar plainlinks hlist navbar-mini"><ul><li class="nv-view"><a href="/wiki/Template:Information_security" title="Template:Information security"><abbr title="View this template">v</abbr></a></li><li class="nv-talk"><a href="/wiki/Template_talk:Information_security" title="Template talk:Information security"><abbr title="Discuss this template">t</abbr></a></li><li class="nv-edit"><a href="/wiki/Special:EditPage/Template:Information_security" title="Special:EditPage/Template:Information security"><abbr title="Edit this template">e</abbr></a></li></ul></div><div id="Information_security88" style="font-size:114%;margin:0 4em"><a href="/wiki/Information_security" title="Information security">Information security</a></div></th></tr><tr><th scope="row" class="navbox-group" style="width:1%">Related security categories</th><td class="navbox-list-with-group navbox-list navbox-odd hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Computer_security" title="Computer security">Computer security</a></li> <li><a href="/wiki/Automotive_security" title="Automotive security">Automotive security</a></li> <li><a href="/wiki/Cybercrime" title="Cybercrime">Cybercrime</a> <ul><li><a href="/wiki/Cybersex_trafficking" title="Cybersex trafficking">Cybersex trafficking</a></li> <li><a href="/wiki/Computer_fraud" title="Computer fraud">Computer fraud</a></li></ul></li> <li><a href="/wiki/Cybergeddon" title="Cybergeddon">Cybergeddon</a></li> <li><a href="/wiki/Cyberterrorism" title="Cyberterrorism">Cyberterrorism</a></li> <li><a href="/wiki/Cyberwarfare" title="Cyberwarfare">Cyberwarfare</a></li> <li><a href="/wiki/Electronic_warfare" title="Electronic warfare">Electronic warfare</a></li> <li><a href="/wiki/Information_warfare" title="Information warfare">Information warfare</a></li> <li><a href="/wiki/Internet_security" title="Internet security">Internet security</a></li> <li><a href="/wiki/Mobile_security" title="Mobile security">Mobile security</a></li> <li><a href="/wiki/Network_security" title="Network security">Network security</a></li> <li><a href="/wiki/Copy_protection" title="Copy protection">Copy protection</a></li> <li><a href="/wiki/Digital_rights_management" title="Digital rights management">Digital rights management</a></li></ul> </div></td><td class="noviewer navbox-image" rowspan="3" style="width:1px;padding:0 0 0 2px"><div><figure class="mw-halign-center" typeof="mw:File"><a href="/wiki/File:CIAJMK1209-en.svg" class="mw-file-description" title="vectorial version"><img alt="vectorial version" src="//upload.wikimedia.org/wikipedia/commons/thumb/c/c5/CIAJMK1209-en.svg/150px-CIAJMK1209-en.svg.png" decoding="async" width="150" height="150" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/commons/thumb/c/c5/CIAJMK1209-en.svg/225px-CIAJMK1209-en.svg.png 1.5x, //upload.wikimedia.org/wikipedia/commons/thumb/c/c5/CIAJMK1209-en.svg/300px-CIAJMK1209-en.svg.png 2x" data-file-width="496" data-file-height="496" /></a><figcaption>vectorial version</figcaption></figure></div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%"><a href="/wiki/Threat_(computer)" class="mw-redirect" title="Threat (computer)">Threats</a></th><td class="navbox-list-with-group navbox-list navbox-even hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Adware" title="Adware">Adware</a></li> <li><a class="mw-selflink selflink">Advanced persistent threat</a></li> <li><a href="/wiki/Arbitrary_code_execution" title="Arbitrary code execution">Arbitrary code execution</a></li> <li><a href="/wiki/Backdoor_(computing)" title="Backdoor (computing)">Backdoors</a></li> <li>Bombs <ul><li><a href="/wiki/Fork_bomb" title="Fork bomb">Fork</a></li> <li><a href="/wiki/Logic_bomb" title="Logic bomb">Logic</a></li> <li><a href="/wiki/Time_bomb_(software)" title="Time bomb (software)">Time</a></li> <li><a href="/wiki/Zip_bomb" title="Zip bomb">Zip</a></li></ul></li> <li><a href="/wiki/Hardware_backdoor" title="Hardware backdoor">Hardware backdoors</a></li> <li><a href="/wiki/Code_injection" title="Code injection">Code injection</a></li> <li><a href="/wiki/Crimeware" title="Crimeware">Crimeware</a></li> <li><a href="/wiki/Cross-site_scripting" title="Cross-site scripting">Cross-site scripting</a></li> <li><a href="/wiki/Cross-site_leaks" title="Cross-site leaks">Cross-site leaks</a></li> <li><a href="/wiki/DOM_clobbering" title="DOM clobbering">DOM clobbering</a></li> <li><a href="/wiki/History_sniffing" title="History sniffing">History sniffing</a></li> <li><a href="/wiki/Cryptojacking" title="Cryptojacking">Cryptojacking</a></li> <li><a href="/wiki/Botnet" title="Botnet">Botnets</a></li> <li><a href="/wiki/Data_breach" title="Data breach">Data breach</a></li> <li><a href="/wiki/Drive-by_download" title="Drive-by download">Drive-by download</a></li> <li><a href="/wiki/Browser_Helper_Object" title="Browser Helper Object">Browser Helper Objects</a></li> <li><a href="/wiki/Computer_virus" title="Computer virus">Viruses</a></li> <li><a href="/wiki/Data_scraping" title="Data scraping">Data scraping</a></li> <li><a href="/wiki/Denial-of-service_attack" title="Denial-of-service attack">Denial-of-service attack</a></li> <li><a href="/wiki/Eavesdropping" title="Eavesdropping">Eavesdropping</a></li> <li><a href="/wiki/Email_fraud" title="Email fraud">Email fraud</a></li> <li><a href="/wiki/Email_spoofing" title="Email spoofing">Email spoofing</a></li> <li><a href="/wiki/Exploit_(computer_security)" title="Exploit (computer security)">Exploits</a></li> <li><a href="/wiki/Dialer#Fraudulent_dialer" title="Dialer">Fraudulent dialers</a></li> <li><a href="/wiki/Hacktivism" title="Hacktivism">Hacktivism</a></li> <li><a href="/wiki/Infostealer" title="Infostealer">Infostealer</a></li> <li><a href="/wiki/Insecure_direct_object_reference" title="Insecure direct object reference">Insecure direct object reference</a></li> <li><a href="/wiki/Keystroke_logging" title="Keystroke logging">Keystroke loggers</a></li> <li><a href="/wiki/Malware" title="Malware">Malware</a></li> <li><a href="/wiki/Payload_(computing)" title="Payload (computing)">Payload</a></li> <li><a href="/wiki/Phishing" title="Phishing">Phishing</a> <ul><li><a href="/wiki/Voice_phishing" title="Voice phishing">Voice</a></li></ul></li> <li><a href="/wiki/Polymorphic_engine" title="Polymorphic engine">Polymorphic engine</a></li> <li><a href="/wiki/Privilege_escalation" title="Privilege escalation">Privilege escalation</a></li> <li><a href="/wiki/Ransomware" title="Ransomware">Ransomware</a></li> <li><a href="/wiki/Rootkit" title="Rootkit">Rootkits</a></li> <li><a href="/wiki/Scareware" title="Scareware">Scareware</a></li> <li><a href="/wiki/Shellcode" title="Shellcode">Shellcode</a></li> <li><a href="/wiki/Spamming" title="Spamming">Spamming</a></li> <li><a href="/wiki/Social_engineering_(security)" title="Social engineering (security)">Social engineering</a></li> <li><a href="/wiki/Spyware" title="Spyware">Spyware</a></li> <li><a href="/wiki/Software_bug" title="Software bug">Software bugs</a></li> <li><a href="/wiki/Trojan_horse_(computing)" title="Trojan horse (computing)">Trojan horses</a></li> <li><a href="/wiki/Hardware_Trojan" title="Hardware Trojan">Hardware Trojans</a></li> <li><a href="/wiki/Remote_access_trojan" class="mw-redirect" title="Remote access trojan">Remote access trojans</a></li> <li><a href="/wiki/Vulnerability_(computer_security)" title="Vulnerability (computer security)">Vulnerability</a></li> <li><a href="/wiki/Web_shell" title="Web shell">Web shells</a></li> <li><a href="/wiki/Wiper_(malware)" title="Wiper (malware)">Wiper</a></li> <li><a href="/wiki/Computer_worm" title="Computer worm">Worms</a></li> <li><a href="/wiki/SQL_injection" title="SQL injection">SQL injection</a></li> <li><a href="/wiki/Rogue_security_software" title="Rogue security software">Rogue security software</a></li> <li><a href="/wiki/Zombie_(computing)" title="Zombie (computing)">Zombie</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Defenses</th><td class="navbox-list-with-group navbox-list navbox-odd hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Application_security" title="Application security">Application security</a> <ul><li><a href="/wiki/Secure_coding" title="Secure coding">Secure coding</a></li> <li>Secure by default</li> <li><a href="/wiki/Secure_by_design" title="Secure by design">Secure by design</a> <ul><li><a href="/wiki/Misuse_case" title="Misuse case">Misuse case</a></li></ul></li></ul></li> <li><a href="/wiki/Computer_access_control" title="Computer access control">Computer access control</a> <ul><li><a href="/wiki/Authentication" title="Authentication">Authentication</a> <ul><li><a href="/wiki/Multi-factor_authentication" title="Multi-factor authentication">Multi-factor authentication</a></li></ul></li> <li><a href="/wiki/Authorization" title="Authorization">Authorization</a></li></ul></li> <li><a href="/wiki/Computer_security_software" title="Computer security software">Computer security software</a> <ul><li><a href="/wiki/Antivirus_software" title="Antivirus software">Antivirus software</a></li> <li><a href="/wiki/Security-focused_operating_system" title="Security-focused operating system">Security-focused operating system</a></li></ul></li> <li><a href="/wiki/Data-centric_security" title="Data-centric security">Data-centric security</a></li> <li><a href="/wiki/Obfuscation_(software)" title="Obfuscation (software)">Software obfuscation</a></li> <li><a href="/wiki/Data_masking" title="Data masking">Data masking</a></li> <li><a href="/wiki/Encryption" title="Encryption">Encryption</a></li> <li><a href="/wiki/Firewall_(computing)" title="Firewall (computing)">Firewall</a></li> <li><a href="/wiki/Intrusion_detection_system" title="Intrusion detection system">Intrusion detection system</a> <ul><li><a href="/wiki/Host-based_intrusion_detection_system" title="Host-based intrusion detection system">Host-based intrusion detection system</a> (HIDS)</li> <li><a href="/wiki/Anomaly_detection" title="Anomaly detection">Anomaly detection</a></li></ul></li> <li><a href="/wiki/Information_security_management" title="Information security management">Information security management</a> <ul><li><a href="/wiki/Information_risk_management" class="mw-redirect" title="Information risk management">Information risk management</a></li> <li><a href="/wiki/Security_information_and_event_management" title="Security information and event management">Security information and event management</a> (SIEM)</li></ul></li> <li><a href="/wiki/Runtime_application_self-protection" title="Runtime application self-protection">Runtime application self-protection</a></li> <li><a href="/wiki/Site_isolation" title="Site isolation">Site isolation</a></li></ul> </div></td></tr></tbody></table></div> <!-- NewPP limit report Parsed by mw‐web.codfw.main‐84b999ff94‐f878m Cached time: 20250204100948 Cache expiry: 2592000 Reduced expiry: false Complications: [vary‐revision‐sha1, show‐toc] CPU time usage: 0.715 seconds Real time usage: 0.786 seconds Preprocessor visited node count: 4910/1000000 Post‐expand include size: 186664/2097152 bytes Template argument size: 2302/2097152 bytes Highest expansion depth: 12/100 Expensive parser function count: 6/500 Unstrip recursion depth: 1/20 Unstrip post‐expand size: 322437/5000000 bytes Lua time usage: 0.447/10.000 seconds Lua memory usage: 6206168/52428800 bytes Number of Wikibase entities loaded: 0/400 --> <!-- Transclusion expansion time report (%,ms,calls,template) 100.00% 680.311 1 -total 66.36% 451.487 2 Template:Reflist 45.92% 312.401 68 Template:Cite_web 9.74% 66.239 1 Template:Information_security 9.31% 63.307 1 Template:Navbox 7.85% 53.371 1 Template:Short_description 6.04% 41.118 10 Template:Cite_news 4.98% 33.871 2 Template:Pagetype 4.65% 31.641 1 Template:Citation_needed 4.18% 28.424 1 Template:Fix --> <!-- Saved in parser cache with key enwiki:pcache:25874360:|#|:idhash:canonical and timestamp 20250204100948 and revision id 1268242591. Rendering was triggered because: page-view --> </div><!--esi <esi:include src="/esitest-fa8a495983347898/content" /> --><noscript><img src="https://login.wikimedia.org/wiki/Special:CentralAutoLogin/start?useformat=desktop&type=1x1&usesul3=0" alt="" width="1" height="1" style="border: none; position: absolute;"></noscript> <div class="printfooter" data-nosnippet="">Retrieved from "<a dir="ltr" href="https://en.wikipedia.org/w/index.php?title=Advanced_persistent_threat&oldid=1268242591">https://en.wikipedia.org/w/index.php?title=Advanced_persistent_threat&oldid=1268242591</a>"</div></div> <div id="catlinks" class="catlinks" data-mw="interface"><div id="mw-normal-catlinks" class="mw-normal-catlinks"><a href="/wiki/Help:Category" title="Help:Category">Categories</a>: <ul><li><a href="/wiki/Category:Advanced_persistent_threat" title="Category:Advanced persistent threat">Advanced persistent threat</a></li><li><a href="/wiki/Category:Espionage" title="Category:Espionage">Espionage</a></li><li><a href="/wiki/Category:Hacking_(computer_security)" title="Category:Hacking (computer security)">Hacking (computer security)</a></li><li><a href="/wiki/Category:Cyberwarfare" title="Category:Cyberwarfare">Cyberwarfare</a></li></ul></div><div id="mw-hidden-catlinks" class="mw-hidden-catlinks mw-hidden-cats-hidden">Hidden categories: <ul><li><a href="/wiki/Category:Articles_with_short_description" title="Category:Articles with short description">Articles with short description</a></li><li><a href="/wiki/Category:Short_description_is_different_from_Wikidata" title="Category:Short description is different from Wikidata">Short description is different from Wikidata</a></li><li><a href="/wiki/Category:Use_dmy_dates_from_April_2021" title="Category:Use dmy dates from April 2021">Use dmy dates from April 2021</a></li><li><a href="/wiki/Category:All_articles_with_unsourced_statements" title="Category:All articles with unsourced statements">All articles with unsourced statements</a></li><li><a href="/wiki/Category:Articles_with_unsourced_statements_from_October_2019" title="Category:Articles with unsourced statements from October 2019">Articles with unsourced statements from October 2019</a></li></ul></div></div> </div> </main> </div> <div class="mw-footer-container"> <footer id="footer" class="mw-footer" > <ul id="footer-info"> <li id="footer-info-lastmod"> This page was last edited on 8 January 2025, at 20:49<span class="anonymous-show"> (UTC)</span>.</li> <li id="footer-info-copyright">Text is available under the <a href="/wiki/Wikipedia:Text_of_the_Creative_Commons_Attribution-ShareAlike_4.0_International_License" title="Wikipedia:Text of the Creative Commons Attribution-ShareAlike 4.0 International License">Creative Commons Attribution-ShareAlike 4.0 License</a>; additional terms may apply. By using this site, you agree to the <a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Terms_of_Use" class="extiw" title="foundation:Special:MyLanguage/Policy:Terms of Use">Terms of Use</a> and <a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Privacy_policy" class="extiw" title="foundation:Special:MyLanguage/Policy:Privacy policy">Privacy Policy</a>. Wikipedia® is a registered trademark of the <a rel="nofollow" class="external text" href="https://wikimediafoundation.org/">Wikimedia Foundation, Inc.</a>, a non-profit organization.</li> </ul> <ul id="footer-places"> <li id="footer-places-privacy"><a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Privacy_policy">Privacy policy</a></li> <li id="footer-places-about"><a href="/wiki/Wikipedia:About">About Wikipedia</a></li> <li id="footer-places-disclaimers"><a href="/wiki/Wikipedia:General_disclaimer">Disclaimers</a></li> <li id="footer-places-contact"><a href="//en.wikipedia.org/wiki/Wikipedia:Contact_us">Contact Wikipedia</a></li> <li id="footer-places-wm-codeofconduct"><a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Universal_Code_of_Conduct">Code of Conduct</a></li> <li id="footer-places-developers"><a href="https://developer.wikimedia.org">Developers</a></li> <li id="footer-places-statslink"><a href="https://stats.wikimedia.org/#/en.wikipedia.org">Statistics</a></li> <li id="footer-places-cookiestatement"><a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Cookie_statement">Cookie statement</a></li> <li id="footer-places-mobileview"><a href="//en.m.wikipedia.org/w/index.php?title=Advanced_persistent_threat&mobileaction=toggle_view_mobile" class="noprint stopMobileRedirectToggle">Mobile view</a></li> </ul> <ul id="footer-icons" class="noprint"> <li id="footer-copyrightico"><a href="https://wikimediafoundation.org/" class="cdx-button cdx-button--fake-button cdx-button--size-large cdx-button--fake-button--enabled"><img src="/static/images/footer/wikimedia-button.svg" width="84" height="29" alt="Wikimedia Foundation" lang="en" loading="lazy"></a></li> <li id="footer-poweredbyico"><a href="https://www.mediawiki.org/" class="cdx-button cdx-button--fake-button cdx-button--size-large cdx-button--fake-button--enabled"><img src="/w/resources/assets/poweredby_mediawiki.svg" alt="Powered by MediaWiki" width="88" height="31" loading="lazy"></a></li> </ul> </footer> </div> </div> </div> <div class="vector-header-container vector-sticky-header-container"> <div id="vector-sticky-header" class="vector-sticky-header"> <div class="vector-sticky-header-start"> <div class="vector-sticky-header-icon-start vector-button-flush-left vector-button-flush-right" aria-hidden="true"> <button class="cdx-button cdx-button--weight-quiet cdx-button--icon-only vector-sticky-header-search-toggle" tabindex="-1" data-event-name="ui.vector-sticky-search-form.icon"><span class="vector-icon mw-ui-icon-search mw-ui-icon-wikimedia-search"></span> <span>Search</span> </button> </div> <div role="search" class="vector-search-box-vue vector-search-box-show-thumbnail vector-search-box"> <div class="vector-typeahead-search-container"> <div class="cdx-typeahead-search cdx-typeahead-search--show-thumbnail"> <form action="/w/index.php" id="vector-sticky-search-form" class="cdx-search-input cdx-search-input--has-end-button"> <div class="cdx-search-input__input-wrapper" data-search-loc="header-moved"> <div class="cdx-text-input cdx-text-input--has-start-icon"> <input class="cdx-text-input__input" type="search" name="search" placeholder="Search Wikipedia"> <span class="cdx-text-input__icon cdx-text-input__start-icon"></span> </div> <input type="hidden" name="title" value="Special:Search"> </div> <button class="cdx-button cdx-search-input__end-button">Search</button> </form> </div> </div> </div> <div class="vector-sticky-header-context-bar"> <nav aria-label="Contents" class="vector-toc-landmark"> <div id="vector-sticky-header-toc" class="vector-dropdown mw-portlet mw-portlet-sticky-header-toc vector-sticky-header-toc vector-button-flush-left" > <input type="checkbox" id="vector-sticky-header-toc-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-sticky-header-toc" class="vector-dropdown-checkbox " aria-label="Toggle the table of contents" > <label id="vector-sticky-header-toc-label" for="vector-sticky-header-toc-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" ><span class="vector-icon mw-ui-icon-listBullet mw-ui-icon-wikimedia-listBullet"></span> <span class="vector-dropdown-label-text">Toggle the table of contents</span> </label> <div class="vector-dropdown-content"> <div id="vector-sticky-header-toc-unpinned-container" class="vector-unpinned-container"> </div> </div> </div> </nav> <div class="vector-sticky-header-context-bar-primary" aria-hidden="true" ><span class="mw-page-title-main">Advanced persistent threat</span></div> </div> </div> <div class="vector-sticky-header-end" aria-hidden="true"> <div class="vector-sticky-header-icons"> <a href="#" class="cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only" id="ca-talk-sticky-header" tabindex="-1" data-event-name="talk-sticky-header"><span class="vector-icon mw-ui-icon-speechBubbles mw-ui-icon-wikimedia-speechBubbles"></span> <span></span> </a> <a href="#" class="cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only" id="ca-subject-sticky-header" tabindex="-1" data-event-name="subject-sticky-header"><span class="vector-icon mw-ui-icon-article mw-ui-icon-wikimedia-article"></span> <span></span> </a> <a href="#" class="cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only" id="ca-history-sticky-header" tabindex="-1" data-event-name="history-sticky-header"><span class="vector-icon mw-ui-icon-wikimedia-history mw-ui-icon-wikimedia-wikimedia-history"></span> <span></span> </a> <a href="#" class="cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only mw-watchlink" id="ca-watchstar-sticky-header" tabindex="-1" data-event-name="watch-sticky-header"><span class="vector-icon mw-ui-icon-wikimedia-star mw-ui-icon-wikimedia-wikimedia-star"></span> <span></span> </a> <a href="#" class="cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only" id="ca-edit-sticky-header" tabindex="-1" data-event-name="wikitext-edit-sticky-header"><span class="vector-icon mw-ui-icon-wikimedia-wikiText mw-ui-icon-wikimedia-wikimedia-wikiText"></span> <span></span> </a> <a href="#" class="cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only" id="ca-ve-edit-sticky-header" tabindex="-1" data-event-name="ve-edit-sticky-header"><span class="vector-icon mw-ui-icon-wikimedia-edit mw-ui-icon-wikimedia-wikimedia-edit"></span> <span></span> </a> <a href="#" class="cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only" id="ca-viewsource-sticky-header" tabindex="-1" data-event-name="ve-edit-protected-sticky-header"><span class="vector-icon mw-ui-icon-wikimedia-editLock mw-ui-icon-wikimedia-wikimedia-editLock"></span> <span></span> </a> </div> <div class="vector-sticky-header-buttons"> <button class="cdx-button cdx-button--weight-quiet mw-interlanguage-selector" id="p-lang-btn-sticky-header" tabindex="-1" data-event-name="ui.dropdown-p-lang-btn-sticky-header"><span class="vector-icon mw-ui-icon-wikimedia-language mw-ui-icon-wikimedia-wikimedia-language"></span> <span>21 languages</span> </button> <a href="#" class="cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--action-progressive" id="ca-addsection-sticky-header" tabindex="-1" data-event-name="addsection-sticky-header"><span class="vector-icon mw-ui-icon-speechBubbleAdd-progressive mw-ui-icon-wikimedia-speechBubbleAdd-progressive"></span> <span>Add topic</span> </a> </div> <div class="vector-sticky-header-icon-end"> <div class="vector-user-links"> </div> </div> </div> </div> </div> <div class="vector-settings" id="p-dock-bottom"> <ul></ul> </div><script>(RLQ=window.RLQ||[]).push(function(){mw.config.set({"wgHostname":"mw-web.codfw.main-76499f767d-58grm","wgBackendResponseTime":159,"wgPageParseReport":{"limitreport":{"cputime":"0.715","walltime":"0.786","ppvisitednodes":{"value":4910,"limit":1000000},"postexpandincludesize":{"value":186664,"limit":2097152},"templateargumentsize":{"value":2302,"limit":2097152},"expansiondepth":{"value":12,"limit":100},"expensivefunctioncount":{"value":6,"limit":500},"unstrip-depth":{"value":1,"limit":20},"unstrip-size":{"value":322437,"limit":5000000},"entityaccesscount":{"value":0,"limit":400},"timingprofile":["100.00% 680.311 1 -total"," 66.36% 451.487 2 Template:Reflist"," 45.92% 312.401 68 Template:Cite_web"," 9.74% 66.239 1 Template:Information_security"," 9.31% 63.307 1 Template:Navbox"," 7.85% 53.371 1 Template:Short_description"," 6.04% 41.118 10 Template:Cite_news"," 4.98% 33.871 2 Template:Pagetype"," 4.65% 31.641 1 Template:Citation_needed"," 4.18% 28.424 1 Template:Fix"]},"scribunto":{"limitreport-timeusage":{"value":"0.447","limit":"10.000"},"limitreport-memusage":{"value":6206168,"limit":52428800}},"cachereport":{"origin":"mw-web.codfw.main-84b999ff94-f878m","timestamp":"20250204100948","ttl":2592000,"transientcontent":false}}});});</script> <script type="application/ld+json">{"@context":"https:\/\/schema.org","@type":"Article","name":"Advanced persistent threat","url":"https:\/\/en.wikipedia.org\/wiki\/Advanced_persistent_threat","sameAs":"http:\/\/www.wikidata.org\/entity\/Q4686357","mainEntity":"http:\/\/www.wikidata.org\/entity\/Q4686357","author":{"@type":"Organization","name":"Contributors to Wikimedia projects"},"publisher":{"@type":"Organization","name":"Wikimedia Foundation, Inc.","logo":{"@type":"ImageObject","url":"https:\/\/www.wikimedia.org\/static\/images\/wmf-hor-googpub.png"}},"datePublished":"2010-01-20T02:54:37Z","dateModified":"2025-01-08T20:49:46Z","headline":"stealthy threat actor"}</script> </body> </html>