APT attackers receive direction and support (mostly) from an established nation state, however, there are indicators that some APT’s rent their services to highest bidders and/or have agreements with shady entities working for larger corporations, but this has never been proven. No matter if their mission is to steal data, disrupt operations or damage or destroy infrastructure for ransom or fun, these threat actors have a wide range off skills and tools and more importantly the will to use them!
Unlike most cyber criminals, APT attackers pursue their objectives over an extended period of time, typically months or years. They adapt to new security postures, often researching them as they come to market, frequently changing their attack vectors or malware payloads to avoid detection. They are persistent, tenacious and if you want to stylise them somewhat, single-minded to the nth degree.
Using Cyber forensics to identify the who where why and how doesn’t always mean your identifying the correct group as often as they compromise or damage public entities like companies, they will often engage in shadow wars with each other over turf, botnets, targets or generally because they can.
The following information highlights the current known APT’s and will be updated as and when new data arises.