So El Reg has spoken to Dr. Ian Levy, the chief technical director of GCHQ. And Levy goes:
“If you call it an advanced persistent threat, you end up with a narrative that basically says ‘you lot are too stupid to understand this and only I can possibly help you – buy my magic amulet and you’ll be fine.’ It’s medieval witchcraft, it’s genuinely medieval witchcraft.”
He pointed out that a UK telco had recently been taken offline using a SQL injection flaw that was older than the hacker alleged to have used it. That’s not advanced by any stretch of the imagination, he said.
So there you have it. It’s not an APT. It’s you sucking at running an IT organisation.