Thus, what we have here is a botnet: a network of infected computers interacting with a remote control center.
The Shady RAT advanced persistent threat (APT) is a cyber adversary displaying advanced logistical and operational capability for long-term intrusion campaigns. Its goal is to maintain access to victim networks and exfiltrate intellectual property data and other advantageous information.
Botnets are a tool designed for an organization to control hundreds to millions of infected hosts with identical commands. The larger the botnet, the more effective it will be. To achieve a larger size, botnets are created through indiscriminate victim targeting, making them decidedly visible.
The APT infrastructure is designed for discrete manipulation that allows the APT to achieve precise goals in each victim it compromises. The Shady RAT report reveals the APT specifically targeted key organizations worldwide. Its objective for each victim is unique.
The danger in simplifying the APT as a botnet is that it leads us to ignore the threat posed by an adversary that is much larger, more organized, and better equipped than we assume.