The attacker accomplishes his goal. Often this means stealing intellectual property, financial data, mergers and acquisitions information, or Personally Identifiable Information (PII). Once the mission has been completed, most targeted attackers do not leave the environment; they maintain access in case a new mission is directed.

In the case of data exfiltration, the APT may be interested in the organization’s proprietary data, such as engineering designs or employee and customer PII. In the case of a denial of service, like the Ukrainian power outage of December 2015, the APT may disable a key component of the organization’s infrastructure to temporarily disrupt services.

Finally, in the case of destruction, an APT like the Stuxnet worm may seek to operate industrial control systems outside their manufacturers' specifications, resulting in catastrophic failure.

Types

  • Exfil
  • Destruction

Matrix techniques

References