PrepAway - Latest Free Exam Questions & Answers

Which of the following is this an example of?

After analyzing and correlating activity from multiple sensors, the security administrator has
determined that a group of very well organized individuals from an enemy country is responsible
for various attempts to breach the company network, through the use of very sophisticated and
targeted attacks. Which of the following is this an example of?


A. Privilege escalation

B. Advanced persistent threat

C. Malicious insider threat

D. Spear phishing

Explanation:
Definitions of precisely what an APT is can vary widely, but can best be summarized by their
named requirements:
Advanced – Criminal operators behind the threat utilize the full spectrum of computer intrusion
technologies and techniques. While individual components of the attack may not be classed as
particularly “advanced” (e.g. malware components generated from commonly available DIY
construction kits, or the use of easily procured exploit materials), their operators can typically
access and develop more advanced tools as required. They combine multiple attack
methodologies and tools in order to reach and compromise their target.
Persistent – Criminal operators give priority to a specific task, rather than opportunistically seeking
immediate financial gain. This distinction implies that the attackers are guided by external entities.
The attack is conducted through continuous monitoring and interaction in order to achieve the
defined objectives. It does not mean a barrage of constant attacks and malware updates. In fact, a
“low-and-slow” approach is usually more successful.
Threat – means that there is a level of coordinated human involvement in the attack, rather than a
mindless and automated piece of code. The criminal operators have a specific objective and are
skilled, motivated, organized and well funded.

