Early APT attacks

In the mid to late 2000s, a large section of the computer and internet industry was focused solely on increasing the speed and interoperability of their networks and the usability of their products, all while paying little, if any, real attention to security or cyber threats. It wasn't until the discovery of a coordinated and large-scale attack that concern for the future of computer, and later cyber, security became a serious consideration for both developers and persons in places of political power. This first real cyber threat attack at a significant scale was the discovery of the Zeus Botnet in 2007 (Singh & Silakari, 2009). This attack targeted the US Department of Transportation, among other things, and was responsible for extracting large amounts of data from government systems.

A broad range of data, including passwords for master control systems, system administrator passwords, network and control mapping systems, and proprietary code samples, were all taken (Singh & Silakari, 2009). While there were many previous computer viruses and different variations of computer threats prior to this, the discovery of the Zeus Botnet and the engineering and powerful programming capabilities of those behind the threat group led to the development of the term cyber and brought the dedicated study of cyber threats into its own area of focus.

In the realm of kinetic cyber warfare operations, the first real shot across the bow occurred in 2007. Russia was engaged in a low-action but highly tense dispute with the nation of Estonia. While the dispute was not of much international significance beyond basic news coverage, the follow-on cyber-attack and planning certainly was. As the political and societal sabers began to increase their rattling, the government of Russia maneuvered its physical forces into place for an invasion of Estonia. As the offensive ground operations began, nearly every aspect of internet-based infrastructure in Estonia was attacked by Distributed Denial of Service (DDoS) attacks (Goodchild, 2009) and was shut down, or at least severely degraded.

Everything from banking systems, government websites, state-sponsored media outlets, and electrical systems to any other connected system that was of military or strategic importance was taken "offline" by these attacks. Billions of packets were launched simultaneously from tens of thousands of computers and servers located within and outside of Russia as part of this campaign. As the Estonian systems began to crash and communications and coordination were interrupted, the Russian military moved into position and forced its will on the Estonian government. While officially none of the cyber-attacks were either attributed to or acknowledged by the Russian military or government, the implications and trail of evidence indicated that a coordinated cyber-attack was launched in conjunction with this military operation. This was one of the first and most powerful examples in the modern era of warfare of how a relatively simple, yet coordinated cyber-attack could not only hamper communications but also severely impede a defending system and cause a real loss of command and control for those under attack.