Advanced Persistent Threat (APT)

Standard Definition:
An adversary with sophisticated levels of expertise and significant resources, allowing it through the use of multiple different attack vectors (e.g., cyber, physical, and deception), to generate opportunities to achieve its objectives which are typically to establish and extend its presence within the information technology infrastructure of organizations for purposes of continually exfiltrating information and/or to undermine or impede critical aspects of a mission, program, or organization, or place itself in a position to do so in the future; moreover, the advanced persistent threat pursues its objectives repeatedly over an extended period of time, adapting to a defender’s efforts to resist it, and with determination to maintain the level of interaction needed to execute its objectives. [Source]

Simplified Analogy:
An APT is a more advanced form of cyber-attack whose defining characteristics are persistence and stealth: the adversary is willing to spend a long time inside the targeted network, working toward its goals while avoiding detection. APTs are often suspected of being state-backed or state-sponsored, particularly when an attack shows a high degree of sophistication and resources, although not every APT is necessarily state sponsored.

APTs primarily target entities of strategic importance. Government agencies and defence contractors are targeted for their access to military secrets and sensitive diplomatic communications. Critical infrastructure providers, such as operators of electricity, water supply, and transportation services, are also valuable targets, because disruptions to these services can lead to significant economic or societal impact. APTs may even target the media and telecommunications sectors to control, disrupt, or manipulate the flow of information, enabling eavesdropping or the spread of disinformation.

As with any other cyber-attack, the first step in responding is to understand the nature and scope of the breach: which parts of the system were compromised, and what security measures were previously in place? Organizations must then meet their regulatory obligations, following mandatory notification protocols to inform both the affected parties and the relevant authorities about the breach.

© 2023 Sylvester Egbu. All rights reserved.