As is generally known in the field of computer security, an advanced persistent threat (APT) is a set of stealthy and continuous computer hacking processes, often orchestrated by human(s), which are used to attack a specific entity. Many APTs against computer networks involve the use of remote-administration tools (RATs), which permit attackers to remotely administer target systems through a backdoor, as if they had real-time local access to them, throughout the post-infection period. RAT server software is installed on a computer within the target network, often by an unwitting victim, typically as Trojan software delivered via phishing email, drive-by download, or portable storage device. Once installed, the RAT server typically connects to an external command-and-control client, ordinarily operated by a human attacker, who uses the RAT server to reconnoiter and further infiltrate the network, locating target resources, observing and impersonating key personnel, and potentially exfiltrating valuable resources or performing other malicious activities.
Detecting and thwarting RATs would effectively cripple many APTs, because without remote-administration capability, APTs would need to rely on moles or other insiders within the target entity.