The neverending story of Advanced Persistent Threats

As the name would suggest, advanced persistent threats are attacks that use a continuous and sophisticated hacking technique to gain access to a system and remain inside for a prolonged period, which may result in potentially destructive consequences.

The Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat activity. One of the biggest examples of a successful advanced persistent threat attack was the SolarWinds incident. According to GReAT's report, the evidence suggested that the threat actor behind the attack, DarkHalo, had spent six months inside OrionIT’s networks to perfect their attack. And the rest, of course, is history.

Another example of an advanced persistent threat attack is HoneyMyte. HoneyMyte modified a fingerprint scanner software installer package on a distribution server in a country in South Asia. Not only did it modify a configuration file, but it was also able to work during installation even without network connectivity. The Trojanized installer appears to have been staged on the distribution server from March to June.

GReAT researchers expect advanced persistent threats to become more advanced and to target more areas in 2022. One of the biggest changes will come from politicization playing an increasing role in cyberspace, the return of low-level attacks, an inflow of new advanced persistent threat actors, and an explosion of supply chain attacks.

What’s more concerning is that the private sector is seeing an influx of new advanced persistent threat players. This includes the recent Project Pegasus surveillance spyware. The researchers have also seen developers of advanced surveillance tools increasing their detection evasion and anti-analysis capabilities – as in the case of FinSpy – and using them in the wild – as was the case with the Slingshot framework.

Other targeted threat predictions for 2022 include:

  • Mobile devices – 2021 saw in-the-wild zero-day attacks on iOS devices, and this is expected to continue in 2022. Simply because security products on iOS are either…