Serious Discussion: Is this considered APT? (advanced persistent threat)

TangentLiny

New Member
Thread author
Aug 18, 2024
10
In theory, is something like this possible, and what are the probable methods?

Let’s consider a scenario: a person becomes a victim of a cybercriminal after downloading and installing malicious software. This infection enables the hacker to monitor the victim’s computer activities, online behavior, and personal information. This scenario resembles a Remote Access Trojan (RAT) infection.

What’s particularly concerning is that this infection spreads across the network to which the infected device is connected, potentially affecting other computers and devices on the same network. After two years of this hidden infection, during which no antivirus, antimalware, or firewall could detect it, the victim decides to buy a new computer. Unfortunately, this new device also becomes infected, indicating that the network is compromised. As soon as the new computer connects to the network, it gets infected again. Even if the PC is wiped and a clean installation is performed, it becomes reinfected the moment it connects to the same network.

It seems that the hacker has established a sort of base within the network, allowing them to infect any connected device.

Is this scenario feasible? I’ve read about worm viruses, and it appears to share similarities.
 

Bot

AI-powered Bot
Apr 21, 2016
4,315
Yes, in theory, this is possible and is a classic example of an Advanced Persistent Threat (APT). The hacker could have used a RAT (Remote Access Trojan) initially, and then moved laterally across the network using techniques like pass-the-hash or exploiting vulnerabilities in the network. The undetectable nature of the infection suggests the use of rootkits or zero-day exploits. The persistent reinfection of new devices indicates that the network itself is compromised, possibly at the router level or through a network-resident worm. It's recommended to seek professional help to clean the network and devices, and to implement stronger security measures.
 

Vitali Ortzi

Level 23
Verified
Top Poster
Well-known
Dec 12, 2016
1,290
This is definitely an APT, but nowadays it's rare to have such advanced threats target consumers specifically. That doesn't mean a state actor, like what happened with Stuxnet, wouldn't spread to consumer endpoints, but they should be in an unactivated state till they get to the targeted organization or government endpoints.
But usual malware wouldn't be as advanced as to use zero-day exploits, stolen certificates, an activation trigger, etc.
So normal malware would be detected in a short time with cloud intelligence and probably won't have the ability to exploit PCs, phones, etc. to insert a payload into RAM or ROM by connecting to the network alone.
 

RoboMan

Level 35
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,483
Although it's possible for malware to spread through a local network, certain conditions must be met.

To start with, it's not as easy as "a device connects to the local network and immediately becomes infected". An infected device must first send it to the new computer, through the exploitation of vulnerabilities or unsafe parameters. To be automatically infected upon connecting the new PC would mean the router is compromised through some vulnerability too.

Having said that, if your old PC is infected but you replace it with a new one, there's no active device to send the malware through the local network (unless you're using both simultaneously).

Nevertheless, to have an active threat spying on you and all your devices and being spread through the LAN, while being undetected for years by antivirus and firewalls, seems highly unlikely, unless you're being specially targeted.

If you believe it's your case, consider hiring a cybersecurity specialist to monitor the network traffic in order to detect anomalies.
 
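The Bot's reply names lateral movement as the way a RAT spreads to neighbouring machines, and RoboMan's reply points out that a freshly connected PC can only be infected if an already-infected device on the LAN (or the router) actively pushes something to it, and suggests monitoring network traffic for anomalies. The following is an added example, not code from the thread or from MalwareTips, of the kind of check a network monitor could run: it takes a connection log (constructed here in a simplified "timestamp source destination port" form), records when each internal host is first seen, and flags any LAN peer that opens SMB, RPC, RDP, WinRM or SSH connections to a host within ten minutes of that host first appearing. The LAN range, the port list, the time window and the log format are all assumptions.

```python
"""Flag lateral-movement connections aimed at hosts that just joined the LAN.

Added example, not from the original thread. Rule: a host is "new" when first
seen in the log; any connection from another internal host to that new host on
an admin/lateral-movement port within NEW_HOST_WINDOW seconds of its first
appearance is suspicious, because a clean machine should not be receiving
SMB/RDP/WinRM from its neighbours right after plugging in.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Assumed ports an attacker uses to push a payload to a neighbour (not exhaustive).
LATERAL_PORTS = {
    135: "RPC", 139: "NetBIOS", 445: "SMB",
    3389: "RDP", 5985: "WinRM", 5986: "WinRM-TLS", 22: "SSH",
}
NEW_HOST_WINDOW = 600  # seconds after first sighting; assumed value
INTERNAL = ipaddress.ip_network("192.168.1.0/24")  # assumed LAN range

# Constructed sample log: "ts src dst dport" with ts in epoch seconds.
# .10 is the old (assumed infected) PC, .1 the router, .50 the new PC.
SAMPLE_LOG = """\
1700000000 192.168.1.10 93.184.216.34 443
1700000005 192.168.1.10 192.168.1.1 53
1700000100 192.168.1.50 192.168.1.1 53
1700000102 192.168.1.50 93.184.216.34 443
1700000130 192.168.1.10 192.168.1.50 445
1700000131 192.168.1.10 192.168.1.50 135
1700000140 192.168.1.10 192.168.1.50 5985
1700000900 192.168.1.50 192.168.1.10 445
"""


@dataclass(frozen=True)
class Conn:
    ts: int
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Alert:
    ts: int
    src: str
    dst: str
    service: str
    seconds_since_dst_first_seen: int


def parse_log(text: str) -> list[Conn]:
    """Parse the constructed whitespace-separated log format."""
    conns = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport = line.split()
        conns.append(Conn(int(ts), src, dst, int(dport)))
    return conns


def is_internal(ip: str) -> bool:
    return ipaddress.ip_address(ip) in INTERNAL


def find_lateral_to_new_hosts(conns: list[Conn], window: int = NEW_HOST_WINDOW) -> list[Alert]:
    """Return inbound admin-port connections to hosts seen for the first time within `window` seconds."""
    first_seen: dict[str, int] = {}
    alerts: list[Alert] = []
    for c in sorted(conns, key=lambda c: c.ts):
        # Track first appearance of every internal address, as source or destination.
        for ip in (c.src, c.dst):
            if is_internal(ip):
                first_seen.setdefault(ip, c.ts)
        # Only LAN-to-LAN traffic on lateral-movement ports is of interest.
        if not (is_internal(c.src) and is_internal(c.dst)):
            continue
        if c.src == c.dst or c.dport not in LATERAL_PORTS:
            continue
        age = c.ts - first_seen[c.dst]
        if age <= window:
            alerts.append(Alert(c.ts, c.src, c.dst, LATERAL_PORTS[c.dport], age))
    return alerts


if __name__ == "__main__":
    for a in find_lateral_to_new_hosts(parse_log(SAMPLE_LOG)):
        print(f"{a.ts} {a.src} -> {a.dst} {a.service} ({a.seconds_since_dst_first_seen}s after {a.dst} first seen)")
```

On the constructed log this flags three connections from 192.168.1.10 to the newly joined 192.168.1.50 (SMB, RPC, WinRM within a minute of it appearing) and ignores the later SMB connection back to the old host, which falls outside the window. The practical caveat is the vantage point: a consumer router normally does not log traffic between two hosts on the same LAN, so a check like this needs a switch mirror port, a tap, or the host firewall logs of the new machine itself; without one of those, "the network infects anything that connects" cannot be confirmed or ruled out from traffic alone.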
