In the world of IT security, the worst type of threat to find in your network is an ‘advanced persistent threat‘ or APT. This type of threat is stealthy, and continuous. It pervades the IT infrastructure and is an actively maintained and controlled threat – nothing like a fire-and-forget trojan or ransomware malware system.
Finding an APT would generally indicate that an organization has had a threat in many different sections of their IT infrastructure for a significant time; quite probably across multiple systems, possibly across multiple operating systems and that threat is seemingly resistant to attempts to lock it down, clean it up and remove it from the network. Cleaning up APTs is sometimes like a game of ‘whack-a-mole’.
This type of threat is indicative that agents of another government, or large-scale criminal enterprise, have deployed significant resources to hack your network, and keep it hacked. It is speculated that when a government finds an APT, it couldn’t be much else by cyber-espionage by another nation state. This is an analysis that we would have to concur with. APTs inside government systems take LOTS of resources to maintain – usually these types of resources are only available to other nation states.
How would you like to find out that someone is living inside your walls?
These kinds of threats are the things of a CIO’s nightmares. It would be like discovering that you have someone living inside the walls of your house…
and this is what the FBI says the US Government is experiencing….
The feds warned that “a group of malicious cyber actors,” whom security experts believe to be the government-sponsored hacking group known as APT6, “have compromised and stolen sensitive information from various government and commercial networks” since at least 2011, according to an FBI alert obtained by Motherboard.
The alert, which is also available online, shows that foreign government hackers are still successfully hacking and stealing data from US government’s servers, their activities going unnoticed for years. This comes months after the US government revealed that a group of hackers, widely believed to be working for the Chinese government, had for more than a year infiltrated the computer systems of the Office of Personnel Management, or OPM. In the process, they stole highly sensitive data about several millions of government workers and even spies.
A quoted Security expert implies this may have happened before:
“Looks like they were in for years before they were caught, god knows where they are,” Michael Adams, an information security expert who served more than two decades in the US Special Operations Command, and who has reviewed the alert, told Motherboard. “Anybody who’s been in that network all this long, they could be anywhere and everywhere.”
For Adams, this alert shows that the US government still is not in control of what’s going on inside its most sensitive networks. This alert, he said, is an admission of that.
“It’s just flabbergasting,” he told me. “How many times can this keep happening before we finally realize we’re screwed?”
Other Security experts suggest this may have gone back as far as 2008 (or was this one persistent threat dating back to 2008??):
“This is one of the earlier APTs, they definitely go back further than 2011 or whatever—more like 2008 I believe,” Kurt Baumgartner, a researcher at the Russian security firm Kaspersky Lab, told me. (Baumgartner declined to say whether the group was Chinese or not, but said its targets align with the interest of a state-sponsored attacker.)
Kyrk Storer, a spokesperson with FireEye, confirmed that the domains listed in the alert “were associated with APT6 and one of their malware backdoors,” and that the hackers “targeted the US and UK defense industrial base.”