While new tools are needed to combat ever-changing security threats, it is also helpful to examine the history of APTs, because many important lessons for defending against them in the future can be drawn from past campaigns.
GhostNet was a large-scale cyber espionage operation discovered in March 2009. Its command and control infrastructure was reported to have been based largely in China, although the Chinese government has denied any involvement.
The GhostNet attacks began with spear-phishing emails carrying malicious attachments that installed a Trojan horse on the victim's system. The Trojan executed commands received from a remote command and control server, which then downloaded further malware to take full control of the compromised machine. That malware could also switch on the computer's audio and video recording devices, so that a compromised machine doubled as a listening and viewing post in the room that housed it.