Evolution of Advanced Persistent Threat (APT) Attacks and Actors

  • Chia-Mei Chen
  • Gu-Hsin Lai
  • Dan-Wei (Marian) Wen
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1013)


Advanced Persistent Threat (APT) has become one of the most complicated and intractable forms of cyber attack over the last decade. Because an APT campaign is conducted through a series of actions that combine social engineering, phishing, command and control servers, and remote desktop control, conventional anti-virus mechanisms are insufficient: they were designed to cope with traditional stand-alone malware. Furthermore, data transmission from the compromised network to the APT actors is usually well disguised and embedded in normal traffic, which complicates detection to the point that even major anti-virus firms are unsure of the ratio of discovered APT attacks to actual attacks. To make things worse, APT actors tend to be well-organized and potentially government-funded groups of hackers and professionals who are capable of developing and maintaining malware made specifically for their own purposes and of interpreting the stolen data. While most efforts in defending against APT attacks focus on the related technologies, this research argues for the importance of constructing a holistic understanding by analyzing the behaviors and changes of APT attacks and actors. This research aims to understand the evolution of technologies and malware on the one hand and the behavioral changes of attacking groups on the other. By doing so, this research is expected to contribute to a clearer roadmap of APT attacks and actors that cyber security providers can use as a reference.


Keywords

Advanced Persistent Threat, APT, Evolution, Behavior analysis



Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  1. National Sun Yat-sen University, Kaohsiung, Taiwan
  2. Taiwan Police College, Taipei, Taiwan
