How Many Phases Are There in an APT Attack? The Five Stages Explained


A successful organization holds valuable information about its business and clients. Such organizations are usually targeted by attackers sponsored by foreign government agencies or competitors. The attackers use multiple attack vectors, such as the internet, email, physical means, and deception, and pursue their objective of stealing information over an extended period of time. This is known as an Advanced Persistent Threat (APT) attack. In this article, we look more closely at the APT attack and answer the question: how many phases are there in an APT attack?

One real case study serves as an example of an APT attack: a Fortune 500 company was targeted by a group of attackers. The attackers targeted a group of employees and studied their roles in the organization over a period of months. They then sent an email with a spreadsheet attachment that contained malware. Some of the employees clicked on the attachment, and the malware was activated. Once activated, the malware immediately probed and mapped the network to find strategic systems holding the target information. It then searched for users with high-level administrative privileges and captured their credentials to access those systems. The estimated loss for the company was $66 million.

In today's world of information technology, mobile phones, and laptops, life has become easier for everyone. But with the emergence of technology, threats to personal security and the privacy of personal data have also increased. Medium-sized businesses are at the greatest risk of falling prey to various cyber-attacks. One attack that has gained popularity over time is the advanced persistent threat attack. The main intention of an APT cyber-attack is to remain silent while tracking data as it is transferred and extracting relevant information throughout, without the permission of the owner or the receiver of the data.

The name of the APT attack itself reflects the extent of the threat to the IT sector and to the security of businesses, government agencies, law firms, and online markets. APT attacks usually target individuals who hold more classified data, for example, people working in sensitive positions with access to critical information, in order to understand the organization's business and its client profile. This is the main goal of the APT attack.

The Five-Stage APT Attack

The attackers use various tactics, such as spear phishing, social engineering, social media, the internet, email, and portable devices, to reach their soft targets. They set goals for each stage, which cyber-crime researchers and experts commonly describe as APT attack goals. A successful APT attack is planned and executed in five stages. These are:

  • Reconnaissance  

This is the first stage, in which the hacker targets various sources depending on the nature of its prey. Sending emails or making phone calls to a soft target while pretending to be a well-wisher is among the best-known and most frequently seen tactics in this phase of an APT attack. This is the initial, beginner-level stage, and it is one of the most sophisticated attacks carried out by hackers.

  • Incursion

This is the second stage, where the APT attack becomes more dangerous but cannot be sensed by the employer. It usually takes place when the unsuspecting victim clicks on the link sent through email, opening numerous doors for the hackers to enter the organization. After successfully entering the organization's own systems, in around 99% of cases the hackers behind an APT attack show no sign of their presence and remain anonymous.

  • Discovery

This is the third stage, the stage of action for the hacker who is maliciously present in the system. They begin to move slowly, without being detected, and to extract data slowly. By this time, over the course of the previous two stages, the hacker has become familiar with the status of the company or organization they have entered and has listed key details, such as who it deals with and its customers' personal configured details. During this stage they also map out their strategy for getting out of the target computer successfully and safely.

  • Capture

Hackers access unprotected systems and capture data over an extended period of time, unbeknownst to the victim enterprise. They may also install malware intended to steal data or disrupt operations.

  • Exfiltration

At this stage, the captured information is sent back to the attack team’s home base for analysis and perhaps further exploitation and fraud.


The main goal of an APT attack is to first befriend you and then cleverly steal your business modules and highly protected information from under your nose. Not everyone you trust is your well-wisher. Hence, before sharing your information with others who ask for your business details, think twice and verify thrice to avoid regretting it for the rest of your life.

So, have you made up your mind to make a career in Cyber Security? Visit our Master Certificate in Cyber Security (Red Team) for further help. It is the first program in offensive technologies in India and allows learners to practice in a real-time simulated ecosystem that will give you an edge in this competitive world.
