|  | Attack type |  |  |  |  | ||
---|---|---|---|---|---|---|---|---|
# | Adapted from | Multi-step | Low-level | Slow | Propagation channels | Purpose of function | Attack duration | Special feature |
1 | Project Sauron APT [20] | \(\checkmark\) | \(\checkmark\) | \(\checkmark\) | Internet and USB device | Sabotage | 7 months | Bypass air-gapped network |
2 | Flame APT [62] | \(\checkmark\) | \(\checkmark\) | \(\checkmark\) (very slow) | Internet | Data theft | 11 months | Low-level data exfiltration |
3 | \(\checkmark\) | \(\checkmark\) | \(\checkmark\) | Internet and LAN spreading | Data wiping | 5 month | Code injection | |
4 | WannaCry APT [65] | \(\checkmark\) | \(\checkmark\) | – | Internet | Ransomware | 1 day | Exploits |
5 | \(\checkmark\) | \(\checkmark\) | \(\checkmark\)(very slow) | Internet and USB device | Data theft | 15 months | Exploits, social engineering | |
6 | \(\checkmark\) | \(\checkmark\) | – | Internet and USB device | Data theft | 1 month | Exploits, social engineering | |
7 | Poseidon APT [68] | \(\checkmark\) | \(\checkmark\) | – | Internet | Remote control | 1 month | Backdoor and code injection |
8 | Dark hotel [69] | \(\checkmark\) | \(\checkmark\) | \(\checkmark\) (very slow) | Internet | Surveillance | 14 months | Stolen digital certificates |
9 | Dark hotel [69] | \(\checkmark\) | \(\checkmark\) | \(\checkmark\) | Internet | Surveillance | 9 months | Stolen digital certificates |