APT -- Both hype and reality

The Advanced Persistent Threat, or APT, sounds exactly like more marketing
hype. And in many cases APT is just a term used to squeeze out more Federal
dollars for security software and hardware. But APT is more than just hype.

Security practitioners have seen a rise in malware installations that provide
backdoors on systems but remain quiescent most of the time. The typical
bot, for example, contacts its command and control (C&C) servers frequently,
and that chattiness makes bots easier to detect. Malware that is
representative of APT connects to C&C only rarely, for example once
a week or even just once a month.
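As an added illustration of that detection problem (example code, not part of the original article), the Python script below groups outbound connections by source and destination and separates chatty bot traffic from rare but regular beaconing. The log lines, host names, addresses and thresholds are constructed assumptions, not real data.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed outbound-connection log lines (timestamp, source host, destination).
# These are invented sample data, not real traffic.
LOG_LINES = """\
2010-01-04T02:15:00 ws-17 198.51.100.7
2010-01-11T02:14:00 ws-17 198.51.100.7
2010-01-18T02:16:00 ws-17 198.51.100.7
2010-01-25T02:15:00 ws-17 198.51.100.7
2010-01-04T09:00:00 ws-42 203.0.113.9
2010-01-04T09:05:00 ws-42 203.0.113.9
2010-01-04T09:10:00 ws-42 203.0.113.9
2010-01-04T09:15:00 ws-42 203.0.113.9
2010-01-04T09:20:00 ws-42 203.0.113.9
2010-01-04T10:03:00 ws-17 192.0.2.50
2010-01-09T16:41:00 ws-17 192.0.2.50
2010-01-21T08:12:00 ws-17 192.0.2.50
""".splitlines()

def parse(lines):
    """Group connection timestamps by (source, destination) pair."""
    by_pair = defaultdict(list)
    for line in lines:
        ts, src, dst = line.split()
        by_pair[(src, dst)].append(datetime.fromisoformat(ts))
    return by_pair

def classify(timestamps, min_hits=3, long_period=5 * 86400, max_jitter=0.05):
    """Return 'bot' (chatty), 'rare-beacon' (long, regular period) or 'normal'."""
    if len(timestamps) < min_hits:
        return "normal"
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    period = statistics.mean(gaps)
    jitter = statistics.pstdev(gaps) / period  # relative spread of the intervals
    if period < 3600 and jitter <= max_jitter:
        return "bot"            # many connections, minutes apart, like clockwork
    if period >= long_period and jitter <= max_jitter:
        return "rare-beacon"    # few connections, days apart, still like clockwork
    return "normal"             # irregular intervals: ordinary user traffic

def find_beacons(lines):
    return {f"{src}->{dst}": classify(ts) for (src, dst), ts in parse(lines).items()}

if __name__ == "__main__":
    for pair, verdict in find_beacons(LOG_LINES).items():
        print(pair, verdict)
```

The weekly beacon is caught only because the script keeps weeks of history per pair; a detector that looks at a single day sees one connection and nothing to compare it with.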

APT is designed to remain stealthy and ready to use when the right
situation arises. This may be the decision to launch a simultaneous
attack to steal information, which has been seen, or to disrupt
networks, which has yet to be seen. Unlike bots, APT malware's main
value is its persistence and its wide penetration of many supposedly
secure networks.

Some people have pointed out that the attacks on Google in
December 2009 did not use the most recent exploits (although one
zero-day was used). If you consider a well-organized adversary whose
armaments consist of exploits, that adversary works much more
efficiently by using the oldest and weakest exploits necessary to
achieve a particular goal. There is no need to waste, and thus reveal,
previously unknown exploits.